plumtast Posted October 29, 2012 Posted October 29, 2012 Using PC running XP SP3 with Thomson router wirless and had malware infection (related to live security platinum - forget exact name) while using Firefox. MS security essentials was already installed but not sure whether working properly. Previously had AVG and have since reinstalled it post-malware but showing driver problem. Malwarebytes and anvi smart defender have since been used to try to remove malware and seemed to have worked to some extent because PC no longer locked with ransom screen asking you to pay for the rogue security software. However, the most recent problem is inability to connect to our home wireless network. When trying 'repair', it tries to renew IP address but gets stuck and when ask for details, get error message about IP address, subnet mask, and default gateway (and in fact today, it's not even showing the wireless connections in range - i.e. no list - and just says cannot configure connection). I did an ipconfg command prompt and got the following info: Windows IP Configuration Host Name . . . . . . . . . . . . : mesh Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7Ethernet adapter Local Area Connection 3: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Bluetooth PAN Network Adapter Physical Address. . . . . . . . . : 00-03-0D-00-00-01Ethernet adapter Wireless Network Connection 12: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 0.0.0.0 Subnet Mask . . . . . . . . . . . : 0.0.0.0 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 255.255.255.255 Any help much appreciated:confused: Quote
KenB Posted October 29, 2012 Posted October 29, 2012 Hi and welcome to ExTS Did you have help to get rid of the malware or did you just rely on MBAM and your AV ? ============= Please try an ethernet cable direct to the router and let me know if you can access the net this way ============= Please click on the orange Network Test in my signature ( bottom of this post ) You will need to save it to a memory stick (or run it from the wired connection) and run the software from there. Copy and post the result here please. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
plumtast Posted October 29, 2012 Author Posted October 29, 2012 Hi and welcome to ExTS Did you have help to get rid of the malware or did you just rely on MBAM and your AV ? ============= No help, just those. Not sure it's gone - how can I test? Please try an ethernet cable direct to the router and let me know if you can access the net this way ============= Yes that works Please click on the orange Network Test in my signature ( bottom of this post ) You will need to save it to a memory stick (or run it from the wired connection) and run the software from there. Copy and post the result here please. =============== I've run this - I'll PM results to you. Quote
KenB Posted October 29, 2012 Posted October 29, 2012 Post them here - there is nothing personal I will ask one of our security guys to advise you further if necessary regarding the malware issue. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
plumtast Posted October 29, 2012 Author Posted October 29, 2012 Ok - my name was on one of the files but I've asterisked that. Windows IP Configuration Host Name . . . . . . . . . . . . : mesh Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : lan Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : lan Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.64 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.254 Lease Obtained. . . . . . . . . . : 29 October 2012 17:09:01 Lease Expires . . . . . . . . . . : 30 October 2012 17:09:01 Ethernet adapter Wireless Network Connection 13: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.118.97 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Ethernet adapter Local Area Connection 3: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Bluetooth PAN Network Adapter Physical Address. . . . . . . . . : 00-03-0D-00-00-01 Pinging 194.119.131.66 with 32 bytes of data: Reply from 194.119.131.66: bytes=32 time=18ms TTL=55 Reply from 194.119.131.66: bytes=32 time=18ms TTL=55 Reply from 194.119.131.66: bytes=32 time=17ms TTL=55 Reply from 194.119.131.66: bytes=32 time=18ms TTL=55 Ping statistics for 194.119.131.66: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 17ms, Maximum = 18ms, Average = 17ms Pinging plus.net [212.159.8.2] with 32 bytes of data: Reply from 212.159.8.2: bytes=32 time=28ms TTL=248 Reply from 212.159.8.2: bytes=32 time=28ms TTL=248 Reply from 212.159.8.2: bytes=32 time=28ms TTL=248 Reply from 212.159.8.2: bytes=32 time=27ms TTL=248 Ping statistics for 212.159.8.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 27ms, Maximum = 28ms, Average = 27ms Tracing route to cns1.uk.vianw.net [194.119.131.66] over a maximum of 30 hops: 1 6 ms 99 ms 99 ms dsldevice.lan [192.168.1.254] 2 18 ms 23 ms 19 ms lo0-central10.ptw-ag03.plus.net [195.166.128.197] 3 20 ms 33 ms 19 ms link9-central10.ptw-gw01.plus.net [84.93.248.80] 4 64 ms 19 ms 19 ms xe-7-2-0.ptw-cr01.plus.net [212.159.1.20] 5 19 ms 18 ms 19 ms g1-1-1-t40-br3.router.uk.clara.net [195.66.224.66] 6 19 ms 19 ms 20 ms ten1-0-0-t40-cr1.router.uk.clara.net [195.8.68.85] 7 111 ms 55 ms 55 ms ten2-0-0-t6-cr2.router.uk.clara.net [195.8.68.118] 8 20 ms 19 ms 19 ms g6-1-t6-ar12.router.uk.clara.net [195.157.0.245] 9 18 ms 18 ms 18 ms cns1.uk.vianw.net [194.119.131.66] Trace complete. These Windows services are started: Akamai NetSession Interface Apple Mobile Device Ati HotKey Poller AVG WatchDog BlueSoleil Hid Service Bonjour Service COM+ Event System Cryptographic Services CyberLink Background Capture Service (CBCS) CyberLink Media Library Service CyberLink Task Scheduler (CTS) DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client DNS Client Error Reporting Service Event Log Fast User Switching Compatibility Frontier Compute Engine Frontier Update Service Help and Support HTTP SSL Indexing Service IPSEC Services Java Quick Starter Network Connections Network Location Awareness (NLA) Plug and Play Pml Driver HPZ12 PnkBstrA Print Spooler Protected Storage Ralink Registry Writer Remote Access Connection Manager Remote Procedure Call (RPC) Secondary Logon Security Accounts Manager Server Shell Hardware Detection SSDP Discovery Service System Event Notification System Restore Service Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services Themes Ulead Burning Helper Universal Plug and Play Device Host Viewpoint Manager Service vToolbarUpdater13.2.0 WebClient Windows Audio Windows Image Acquisition (WIA) Windows Installer Windows Management Instrumentation Windows Media Player Network Sharing Service Windows Time Workstation The command completed successfully. Microsoft Windows XP [Version 5.1.2600] The following command was not found: interface ipv4 show subinterfaces. =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 17 31 2f ab f7 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport 0x3 ...00 a1 b0 25 29 c4 ...... ADD-GWP110v4 PCI Wireless LAN Card - Packet Scheduler Miniport 0x4 ...00 03 0d 00 00 01 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 169.254.118.97 169.254.118.97 20 169.254.118.97 255.255.255.255 127.0.0.1 127.0.0.1 25 169.254.255.255 255.255.255.255 169.254.118.97 169.254.118.97 25 192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20 192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20 224.0.0.0 240.0.0.0 169.254.118.97 169.254.118.97 25 224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20 255.255.255.255 255.255.255.255 169.254.118.97 169.254.118.97 1 255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1 255.255.255.255 255.255.255.255 192.168.1.64 4 1 Default Gateway: 192.168.1.254 =========================================================================== Persistent Routes: None Local Area Connection: Node IpAddress: [192.168.1.64] Scope Id: [] No Connections Wireless Network Connection 13: Node IpAddress: [169.254.118.97] Scope Id: [] No Connections Local Area Connection 3: Node IpAddress: [0.0.0.0] Scope Id: [] No Connections ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCMService REG_SZ "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" {1290A33C-85F5-4164-A1BE-7DD299D4986A} REG_SZ "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe" Ptipbmf REG_SZ rundll32.exe ptipbmf.dll,SetWriteCacheMode SoundMan REG_SZ SOUNDMAN.EXE ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe boincmgr REG_SZ "C:\Program Files\BOINC\boincmgr.exe" /a /s boinctray REG_SZ "C:\Program Files\BOINC\boinctray.exe" QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime KeePass 2 PreLoad REG_SZ "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload My Web Search Bar Search Scope Monitor REG_SZ "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW <NO NAME> REG_SZ ApnUpdater REG_SZ "C:\Program Files\Ask.com\Updater\Updater.exe" MSC REG_SZ "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey Regedit32 REG_SZ C:\WINDOWS\system32\regedit.exe Anvi Smart Defender REG_SZ C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe AVG_UI REG_SZ "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY vProt REG_SZ "C:\Program Files\AVG Secure Search\vprot.exe" ROC_roc_ssl_v12 REG_SZ "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe Power2GoExpress REG_SZ BullGuard REG_SZ "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe MyWebSearch Email Plugin REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Akamai NetSession Interface REG_SZ "C:\Documents and Settings\**********\Local Settings\Application Data\Akamai\netsession_win.exe" ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Microsoft Windows XP [Version 5.1.2600] Quote
KenB Posted October 29, 2012 Posted October 29, 2012 Hi This was done with the wired connection by the looks of it. What does this look like if you do it wireless ( no wired connection ) Clicl on Wireless Test below. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
KenB Posted October 29, 2012 Posted October 29, 2012 Hi I have deleted the latest log that you posted as it was exactly the same as the first. I should have asked you to download the Wireless Test whilst connected with the cable then disconnect the cable and run the test software. I want to compare the two. =============== Also .....start > type in .....devmgmt.msc .....Enter Click the + next to Network Adapters. Please post what is listed. Are there any yellow exclamation marks or red Xs ? =============== If this is a laptop - is the wireless switch in the ON position ? Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
plumtast Posted October 29, 2012 Author Posted October 29, 2012 Hi I have deleted the latest log that you posted as it was exactly the same as the first. I should have asked you to download the Wireless Test whilst connected with the cable then disconnect the cable and run the test software. I want to compare the two. =============== Also .....start > type in .....devmgmt.msc .....Enter Click the + next to Network Adapters. Please post what is listed. Are there any yellow exclamation marks or red Xs ? =============== If this is a laptop - is the wireless switch in the ON position ? ======================= Not a laptop - PC =========== Yellow exclamation mark next to: virtualbox bridged networking driver miniport #10 There are others in list if needed but no marks against them. ================= Report as follows (though seemed to stall at one point - didn't automatically produce results though when exiting prompt it produced them!): Windows IP Configuration Host Name . . . . . . . . . . . . : mesh Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : NVIDIA nForce Networking Controller Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7 Ethernet adapter Wireless Network Connection 13: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.118.97 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 169.254.118.97 Ethernet adapter Local Area Connection 3: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Bluetooth PAN Network Adapter Physical Address. . . . . . . . . : 00-03-0D-00-00-01 The following command was not found: wlan show networks mode=bssid. The following command was not found: wlan show profile. Pinging 194.119.131.66 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 194.119.131.66: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Ping request could not find host plus.net. Please check the name and try again. Tracing route to 194.119.131.66 over a maximum of 30 hops 1 * * * Request timed out. 2 * * * Request timed out. 3 * * * Request timed out. 4 * * * Request timed out. 5 * * * Request timed out. 6 * * * Request timed out. 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 These Windows services are started: Akamai NetSession Interface Apple Mobile Device Ati HotKey Poller AVG WatchDog BlueSoleil Hid Service Bonjour Service COM+ Event System Cryptographic Services CyberLink Background Capture Service (CBCS) CyberLink Media Library Service CyberLink Task Scheduler (CTS) DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client DNS Client Error Reporting Service Event Log Fast User Switching Compatibility Frontier Compute Engine Frontier Update Service Help and Support HTTP SSL Indexing Service IPSEC Services Java Quick Starter Network Connections Network Location Awareness (NLA) Plug and Play Pml Driver HPZ12 PnkBstrA Print Spooler Protected Storage Ralink Registry Writer Remote Access Connection Manager Remote Procedure Call (RPC) Secondary Logon Security Accounts Manager Server Shell Hardware Detection SSDP Discovery Service System Event Notification System Restore Service Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services Themes Ulead Burning Helper Universal Plug and Play Device Host Viewpoint Manager Service vToolbarUpdater13.2.0 WebClient Windows Audio Windows Image Acquisition (WIA) Windows Management Instrumentation Windows Media Player Network Sharing Service Windows Time Workstation The command completed successfully. Microsoft Windows XP [Version 5.1.2600] The following command was not found: interface ipv4 show subinterfaces. The following command was not found: int tcp show globa. =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 17 31 2f ab f7 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport 0x3 ...00 a1 b0 25 29 c4 ...... ADD-GWP110v4 PCI Wireless LAN Card - Packet Scheduler Miniport 0x4 ...00 03 0d 00 00 01 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 169.254.118.97 169.254.118.97 399 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 169.254.118.97 169.254.118.97 20 169.254.118.97 255.255.255.255 127.0.0.1 127.0.0.1 25 169.254.255.255 255.255.255.255 169.254.118.97 169.254.118.97 25 224.0.0.0 240.0.0.0 169.254.118.97 169.254.118.97 25 255.255.255.255 255.255.255.255 169.254.118.97 4 1 255.255.255.255 255.255.255.255 169.254.118.97 2 1 255.255.255.255 255.255.255.255 169.254.118.97 169.254.118.97 1 Default Gateway: 169.254.118.97 =========================================================================== Persistent Routes: None Local Area Connection: Node IpAddress: [0.0.0.0] Scope Id: [] No Connections Wireless Network Connection 13: Node IpAddress: [169.254.118.97] Scope Id: [] No Connections Local Area Connection 3: Node IpAddress: [0.0.0.0] Scope Id: [] No Connections Server: UnKnown Address: 127.0.0.1 ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCMService REG_SZ "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" {1290A33C-85F5-4164-A1BE-7DD299D4986A} REG_SZ "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe" Ptipbmf REG_SZ rundll32.exe ptipbmf.dll,SetWriteCacheMode SoundMan REG_SZ SOUNDMAN.EXE ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe boincmgr REG_SZ "C:\Program Files\BOINC\boincmgr.exe" /a /s boinctray REG_SZ "C:\Program Files\BOINC\boinctray.exe" QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime KeePass 2 PreLoad REG_SZ "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload My Web Search Bar Search Scope Monitor REG_SZ "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW <NO NAME> REG_SZ ApnUpdater REG_SZ "C:\Program Files\Ask.com\Updater\Updater.exe" MSC REG_SZ "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey Regedit32 REG_SZ C:\WINDOWS\system32\regedit.exe Anvi Smart Defender REG_SZ C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe AVG_UI REG_SZ "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY vProt REG_SZ "C:\Program Files\AVG Secure Search\vprot.exe" ROC_roc_ssl_v12 REG_SZ "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe Power2GoExpress REG_SZ BullGuard REG_SZ "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe MyWebSearch Email Plugin REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Akamai NetSession Interface REG_SZ "C:\Documents and Settings\***********\Local Settings\Application Data\Akamai\netsession_win.exe" ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Quote
Starbuck Posted October 29, 2012 Posted October 29, 2012 (edited) Hi plumtast Let's make sure that the malware has been removed. Please follow these 3 steps for now. Step 1 Download RogueKiller and save it to your desktop. Close all the running processes Double click RogueKiller icon to run the program Vista/Win7 users should right click the icon and select Run as Administrator. When prompted, type 1 (SCAN) and then press Enter A report will open, please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop. Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again. Step 2 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[R1].txt as well. Step 3 Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. Please post the 3 reports in your next reply. Thanks Edited October 29, 2012 by Starbuck Quote Member of:UNITE
plumtast Posted October 29, 2012 Author Posted October 29, 2012 Hi plumtast Let's make sure that the malware has been removed. Please follow these 3 steps for now. Step 1 Download RogueKiller and save it to your desktop. Close all the running processes Double click RogueKiller icon to run the program Vista/Win7 users should right click the icon and select Run as Administrator. When prompted, type 1 (SCAN) and then press Enter A report will open, please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop. Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again. Step 2 Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[R1].txt as well. Step 3 Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. Please post the 3 reports in your next reply. Thanks Rogue Killer RogueKiller V8.2.1 [10/29/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User :[Admin rights] Mode : Scan -- Date : 10/29/2012 21:44:59 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [sUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [TASK][sUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\WINDOWS\Ssudea.exe -> FOUND [TASK][sUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\DOCUME~1\visitor\LOCALS~1\Temp\Sbx.exe -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U --> FOUND [ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Maxtor 6V250F0 +++++ --- User --- [MBR] 4d9f567356a1513974290e6595d0a1a0 [bSP] d119ba93793e2a02163436fbf2281b49 : Windows Vista/7 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 4502 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9221310 | Size: 234864 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt ======================================================= Adwcleaner: # AdwCleaner v2.005 - Logfile created 10/29/2012 at 21:47:08 # Updated 14/10/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : - MESH # Boot Mode : Normal # Running from : C:\Documents and Settings\\My Documents\Downloads\AdwCleaner.exe # Option [search] ***** [services] ***** Found : MyWebSearchService Found : Viewpoint Manager Service ***** [Files / Folders] ***** File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Found : C:\WINDOWS\system32\conduitEngine.tmp File Found : C:\WINDOWS\system32\f3PSSavr.scr File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder Found : C:\Documents and Settings\All Users\Application Data\Ask Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\PriceGong Folder Found : C:\Documents and Settings\\Local Settings\Application Data\APN Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Application Data\PriceGong Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\\Local Settings\Application Data\ConduitEngine Folder Found : C:\Documents and Settingsz\\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\My Documents\I Want This Folder Found : C:\Documents and Settings\dfgs\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\visitor\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\Conduit Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\ConduitEngine Folder Found : C:\Documents and Settings\visitor\Application Data\PriceGong Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\ConduitEngine Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Viewpoint Folder Found : C:\Program Files\Ask.com Folder Found : C:\Program Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\Viewpoint Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\FunWebProducts Folder Found : C:\Program Files\MyWebSearch Folder Found : C:\Program Files\Softonic-Eng7 Folder Found : C:\Program Files\Viewpoint Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AskToolbar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\conduitEngine Key Found : HKCU\Software\Fun Web Products Key Found : HKCU\Software\FunWebProducts Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\MyWebSearch Key Found : HKCU\Software\PriceGong Key Found : HKCU\Software\Softonic-Eng7 Key Found : HKCU\Software\Viewpoint Key Found : HKCU\Toolbar Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0E2C3126-DDED-4A58-800E-9AEDE84EA31E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} Key Found : HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD701DC7-7CEB-462E-B66E-935C7F50E57D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1 Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1 Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller Key Found : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1 Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\FocusInteractive Key Found : HKLM\Software\Freeze.com Key Found : HKLM\Software\Fun Web Products Key Found : HKLM\Software\FunWebProducts Key Found : HKLM\Software\MetaStream Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{180F80D4-6370-467D-8C82-E03E8746E177} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27E8D778-A556-472E-92E8-43689D58DC15} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Found : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AD701DC7-7CEB-462E-B66E-935C7F50E57D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Toolbar Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Found : HKLM\Software\MyWebSearch Key Found : HKLM\Software\Softonic-Eng7 Key Found : HKLM\Software\Viewpoint Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8AD5AA5-D966-4667-9DAF-2561D68B2012}] Value Found : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.1 (en-US) Profile name : default File : C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\prefs.js Found : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...] Profile name : default File : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\prefs.js Found : user_pref("extensions.skipscreen.hostMatchStr", "http://www.shared.com/(get|audio|file|document|dir[...] Profile name : default File : C:\Documents and Settings\dfgs\Application Data\Mozilla\Firefox\Profiles\nr1xmfqf.default\prefs.js Found : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Found : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...] -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Documents and Settings\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Found [l.73] : icon_url = "https://isearch.avg.com/favicon.ico", Found [l.76] : keyword = "isearch.avg.com", Found [l.79] : search_url = "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&mid=f08d936c0f5547d0a362d15e77cb4204-77589c755422fbd30a9c627f198d6086968e183c&lang=en&ds=AVG&pr=fr&d=2012-10-18 19:15:41&v=13.2.0.1&sap=dsp&q={searchTerms}", File : C:\Documents and Settings\DLocal Settings\Application Data\Google\Chrome\User Data\Default\Preferences /!\ Cannot open file /!\ =================================================== Farbar Farbar Service Scanner Version: 27-10-2012 Ran by (administrator) on 29-10-2012 at 22:08:12 Running from "C:\Documents and Settings\\My Documents\Downloads" Microsoft Windows XP Home Edition Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= sharedaccess Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist. Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist. Unable to retrieve ServiceDll of sharedaccess. The value does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VBoxNetFlt(8) 0x0A000000040000000100000002000000030000005A0000000900000005000000060000000700000008000000 IpSec Tag value is correct. **** End of log **** Quote
Starbuck Posted October 29, 2012 Posted October 29, 2012 (edited) Hi plumtast You actually had a very serious infection there. Let's make a start with cleaning this system: Step 1 Close all the running processes Double click RogueKiller icon to run the program Vista/Win7 users should right click the icon and select Run as Administrator. When prompted, type 2 (DELETE) and then press Enter A report will open, please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop. Step 2 Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. Please post the reports and then we'll take it from there. I'll move this to the Malware Removal forum until we have finished the cleaning process. Edited October 29, 2012 by Starbuck Quote Member of:UNITE
plumtast Posted October 30, 2012 Author Posted October 30, 2012 (step 1) Ran program- no prompt appeared, tried to delete using delete button on right hand side - something happened (green activity bar flashed), but files still there ... Quote
KenB Posted October 30, 2012 Posted October 30, 2012 I am adding this - more as a note to myself ..... The Wireless Zero Service is not running ( wireless connection will not be available without this ) Stay with starbuck and get the all clear before we continue. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted October 30, 2012 Posted October 30, 2012 Ran program- no prompt appeared, tried to delete using delete button on right hand side - something happened (green activity bar flashed), but files still there ... Sorry i hadn't noticed that Tigzy had updated the interface. There is no prompt now.... just the buttons on the right. Did you allow a little time for everything to load? This will show in the main window. Once this has finished, you can click the delete button. Did you try step 2? It doesn't matter which order you perform the 2 steps. Quote Member of:UNITE
plumtast Posted October 30, 2012 Author Posted October 30, 2012 Sorry i hadn't noticed that Tigzy had updated the interface. There is no prompt now.... just the buttons on the right. Did you allow a little time for everything to load? This will show in the main window. Once this has finished, you can click the delete button. Did you try step 2? It doesn't matter which order you perform the 2 steps. ======================================== There are several roguekiller logs which are all quite similar but with slight differences. This one is one of the 7: RogueKiller V8.2.1 [10/29/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : [Admin rights] Mode : Scan -- Date : 10/30/2012 08:58:41 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [sUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND [TASK][sUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\WINDOWS\Ssudea.exe -> FOUND [TASK][sUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\DOCUME~1\visitor\LOCALS~1\Temp\Sbx.exe -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U --> FOUND [ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L --> FOUND ========================================== Here is the adware log: # AdwCleaner v2.005 - Logfile created 10/29/2012 at 21:47:08 # Updated 14/10/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : - MESH # Boot Mode : Normal # Running from : C:\Documents and Settings\\My Documents\Downloads\AdwCleaner.exe # Option [search] ***** [services] ***** Found : MyWebSearchService Found : Viewpoint Manager Service ***** [Files / Folders] ***** File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Found : C:\WINDOWS\system32\conduitEngine.tmp File Found : C:\WINDOWS\system32\f3PSSavr.scr File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder Found : C:\Documents and Settings\All Users\Application Data\Ask Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\PriceGong Folder Found : C:\Documents and Settings\\Local Settings\Application Data\APN Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Application Data\PriceGong Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\\Local Settings\Application Data\ConduitEngine Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\\My Documents\I Want This Folder Found : C:\Documents and Settings\dfgs\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\Viewpoint Folder Found : C:\Documents and Settings\visitor\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\Conduit Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\ConduitEngine Folder Found : C:\Documents and Settings\visitor\Application Data\PriceGong Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AskToolbar Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\ConduitEngine Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Softonic-Eng7 Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Viewpoint Folder Found : C:\Program Files\Ask.com Folder Found : C:\Program Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\Viewpoint Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\FunWebProducts Folder Found : C:\Program Files\MyWebSearch Folder Found : C:\Program Files\Softonic-Eng7 Folder Found : C:\Program Files\Viewpoint Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AskToolbar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\conduitEngine Key Found : HKCU\Software\Fun Web Products Key Found : HKCU\Software\FunWebProducts Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\MyWebSearch Key Found : HKCU\Software\PriceGong Key Found : HKCU\Software\Softonic-Eng7 Key Found : HKCU\Software\Viewpoint Key Found : HKCU\Toolbar Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0E2C3126-DDED-4A58-800E-9AEDE84EA31E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} Key Found : HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD701DC7-7CEB-462E-B66E-935C7F50E57D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1 Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl Key Found : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1 Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1 Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin Key Found : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1 Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller Key Found : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1 Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\FocusInteractive Key Found : HKLM\Software\Freeze.com Key Found : HKLM\Software\Fun Web Products Key Found : HKLM\Software\FunWebProducts Key Found : HKLM\Software\MetaStream Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{180F80D4-6370-467D-8C82-E03E8746E177} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27E8D778-A556-472E-92E8-43689D58DC15} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Found : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AD701DC7-7CEB-462E-B66E-935C7F50E57D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Toolbar Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Found : HKLM\Software\MyWebSearch Key Found : HKLM\Software\Softonic-Eng7 Key Found : HKLM\Software\Viewpoint Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0} Key Found : HKU\S-1-5-21-1646635644-807565481-2889989635-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8AD5AA5-D966-4667-9DAF-2561D68B2012}] Value Found : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.1 (en-US) Profile name : default File : C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\prefs.js Found : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...] Profile name : default File : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\prefs.js Found : user_pref("extensions.skipscreen.hostMatchStr", "http://www.4shared.com/(get|audio|file|document|dir[...] Profile name : default File : C:\Documents and Settings\dfgs\Application Data\Mozilla\Firefox\Profiles\nr1xmfqf.default\prefs.js Found : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Found : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...] -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Found [l.73] : icon_url = "https://isearch.avg.com/favicon.ico", Found [l.76] : keyword = "isearch.avg.com", Found [l.79] : search_url = "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&mid=f08d936c0f5547d0a362d15e77cb4204-77589c755422fbd30a9c627f198d6086968e183c&lang=en&ds=AVG&pr=fr&d=2012-10-18 19:15:41&v=13.2.0.1&sap=dsp&q={searchTerms}", File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences /!\ Cannot open file /!\ Quote
Starbuck Posted October 30, 2012 Posted October 30, 2012 Hi Both of those reports were created using either the 'Search' or the 'Scan' buttons. Have you clicked the delete buttons? Here's an updated RogueKiller delete speech to try. Close all the running processes Double click RogueKiller icon to run the program Vista/Win7 users should right click the icon and select Run as Administrator. Wait for the Prescan to finish. Then click the Scan button. When the scan has finished .... click the Delete button. A report will open, please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop. and the AdwCleaner delete speech again: Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. It's the 2 'delete' reports i need before we can continue. Thanks Quote Member of:UNITE
plumtast Posted October 30, 2012 Author Posted October 30, 2012 Hi Both of those reports were created using either the 'Search' or the 'Scan' buttons. Have you clicked the delete buttons? Here's an updated RogueKiller delete speech to try. Close all the running processes Double click RogueKiller icon to run the program Vista/Win7 users should right click the icon and select Run as Administrator. Wait for the Prescan to finish. Then click the Scan button. When the scan has finished .... click the Delete button. A report will open, please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop. and the AdwCleaner delete speech again: Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. It's the 2 'delete' reports i need before we can continue. Thanks ================== RogueKiller: RogueKiller V8.2.1 [10/29/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : [Admin rights] Mode : Remove -- Date : 10/30/2012 21:06:22 ¤¤¤ Bad processes : 6 ¤¤¤ [sUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] [sUSP PATH] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc] [RESIDUE] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Maxtor 6V250F0 +++++ --- User --- [MBR] 4d9f567356a1513974290e6595d0a1a0 [bSP] d119ba93793e2a02163436fbf2281b49 : Windows Vista/7 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 4502 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9221310 | Size: 234864 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[9].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt ====================== adwCleaner - clicking delete or search - with both the green bar starts working but then after a second or two, the whole thing completely disappears off screen and can't be found. Tried a number of times and same thing each time. So never got to ok or restart prompts ... Quote
Starbuck Posted October 30, 2012 Posted October 30, 2012 Ok, no problem. Let's move on to something a bit more powerful. Please follow these steps in order. Step 1 Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. Vista/Win7 users should right click on the icon and select Run as Administrator. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista/Win7, you will not see the recovery console screens as they are Win XP related Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Step 2 You mentioned that you have Malwarebytes Antimalware installed: Please update MBAM and run another scan: Start MBAM Click on the Update tab http://img.photobucket.com/albums/v708/starbuck50/new/mbamnew.png Click Check for Updates The latest Database Version is: v2012.10.30.09 If it says that MBAM needs to close to update it... let it close and then restart. Then click the Scan button. Don't forget: When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Step 3 Download OTL to your desktop. If using Firefox ..right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %systemroot%\System32\config\*.sav %PROGRAMFILES%\* %USERPROFILE%\..|smtmp;true;true;true /FP HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. in your next reply, please submit: Combofix.txt New MBAM report and both reports from OTL. Note: because of the size of the reports you may have to split them over 2 or 3 posts. Thanks Quote Member of:UNITE
plumtast Posted October 31, 2012 Author Posted October 31, 2012 Combofix displayed the 1st screen but stopped after displaying the text 'creating system restore point'. The other logs are as follows (one split in half - others to follow): ============================================= OTL Log: OTL logfile created on: 31/10/2012 12:15:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.48 Mb Total Physical Memory | 486.04 Mb Available Physical Memory | 47.49% Memory free 2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.18% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.36 Gb Total Space | 84.97 Gb Free Space | 37.05% Space Free | Partition Type: NTFS Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: MESH | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hcc1_img_6.56_windows_intelx86 () PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierIM.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_hcc1_img_6.56_windows_intelx86 () MOD - C:\Program Files\Parabon\Frontier Compute Engine\bin\psens.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\WINDOWS\system32\DiagFunc.dll () MOD - C:\Program Files\BOINC\cudart.dll () MOD - C:\Program Files\BOINC\zlib1.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll () MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll () MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll () MOD - C:\WINDOWS\system32\vmcmidiport.dll () MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll () ========== Services (SafeList) ========== SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.3XE EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 C:\32788R22FWJFW\KNetSvcs.vbs File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll () SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (asdrs) -- C:\WINDOWS\system32\drivers\asdrs.sys (Anvisoft) DRV - (asdrm) -- C:\WINDOWS\system32\drivers\asdrm.sys (Anvisoft) DRV - (asdws) -- C:\WINDOWS\system32\drivers\asdws.sys () DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys () DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys () DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.) DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys () DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys () DRV - (usbprint) -- C:\WINDOWS\system32\drivers\usbprint.sys () DRV - (WSTCODEC) -- C:\WINDOWS\system32\drivers\wstcodec.sys () DRV - (usbccgp) -- C:\WINDOWS\system32\drivers\usbccgp.sys () DRV - (USBSTOR) -- C:\WINDOWS\system32\drivers\usbstor.sys () DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys () DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys () DRV - (usbohci) -- C:\WINDOWS\system32\drivers\usbohci.sys () DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys () DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (VgaSave) -- C:\WINDOWS\system32\drivers\vga.sys () DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys () DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys () DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys () DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\WudfRd.sys () DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\WudfPf.sys () DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys () DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation) DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys () DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation) DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.) DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.) DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys () DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys () DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys () DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (WS2IFSL) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys () DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (Politecnico di Torino) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms} IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/25 18:12:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions [2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions [2012/10/25 18:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/10/25 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/10/25 18:12:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.) O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.) O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: internet ([]about in Internet) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class) O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class) O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Nimbuzz - hkey= - key= - C:\Program Files\Nimbuzz\Nimbuzz.exe () MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 10:00:12 | 000,000,000 | --SD | C] -- C:\ComboFi [2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools [2012/10/31 09:54:53 | 004,991,925 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Unity [2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine [2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll [2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll [2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll [2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll [2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll [2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless [2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver [2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon [2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun [2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/25 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow [2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow [2012/10/18 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\AVG2013 [2012/10/18 18:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2012/10/18 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\TuneUp Software [2012/10/18 18:15:37 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/10/18 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/10/18 18:13:35 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/10/18 18:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2012/10/18 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/10/18 18:07:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\MFAData [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013 [2012/10/18 17:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Malwarebytes [2012/10/18 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/10/18 17:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/10/18 17:27:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/10/18 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/10/18 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Anvisoft [2012/10/18 17:01:15 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys [2012/10/18 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft [2012/10/18 17:01:14 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys [2012/10/18 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft [2012/10/18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft [2012/10/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/17 21:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/10/17 20:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\PCHealth [2012/10/17 20:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Mozilla [2012/10/17 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2012/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480 [2012/10/05 02:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012/10/02 02:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2006/06/18 16:26:36 | 000,518,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB884020-x86-enu.exe [2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe [2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe [2006/06/18 16:15:53 | 002,176,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows-KB890830-V1.17.exe [2006/06/18 16:15:10 | 004,659,000 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB908531-v2-x86-ENU.exe [2006/06/18 16:14:04 | 001,002,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\JournalViewer1.5_KB886179_ENU.exe [2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE [2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe [2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE [2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe [2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe [2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe [2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe [2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe [7 C:\*.tmp files -> C:\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [17 C:\Documents and Settings\ \My Documents\*.tmp files -> C:\Documents and Settings\\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/31 12:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/31 12:16:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job [2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 12:11:08 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/31 12:11:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/31 12:06:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/31 09:55:07 | 004,991,925 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/30 22:28:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/30 19:27:41 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job [2012/10/29 19:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/28 10:13:15 | 000,427,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/10/28 10:13:15 | 000,069,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2012/10/18 18:16:14 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [2012/10/18 18:15:14 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/10/18 17:01:15 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk [2012/10/17 20:03:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2012/10/17 19:36:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/10/17 19:31:55 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/10/08 20:45:06 | 000,059,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\8b780ee2e5d8e336.sys [2012/10/08 18:19:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/10/08 18:19:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/10/05 02:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [7 C:\*.tmp files -> C:\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [17 C:\Documents and Settings\\My Documents\*.tmp files -> C:\Documents and Settings\\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/28 16:18:38 | 000,500,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt61.sys [2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk [2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2012/10/18 18:16:14 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [2012/10/18 17:01:15 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys [2012/10/18 17:01:15 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk [2012/10/08 20:45:06 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b780ee2e5d8e336.sys [2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/20 11:31:59 | 000,019,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Scutum50.sys [2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/06/16 13:19:09 | 000,829,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.sys [2011/01/30 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI [2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat [2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\n\Application Data\dm.ini [2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab [2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi [2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi [2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg [2006/06/18 16:01:09 | 007,914,851 | ---- | C] () -- C:\Program Files\Christmas Pinball.exe [2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip [2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip [2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat [2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2012/10/17 19:40:46 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@ [2010/12/09 15:15:09 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n [2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L [2012/10/30 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U [2012/10/24 16:41:23 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@ [2012/10/30 19:17:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@ [2012/10/21 09:35:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@ [2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/17 18:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480 [2012/10/28 16:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Addon Driver [2012/10/18 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvisoft [2012/10/18 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2009/07/25 17:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7 [2008/04/18 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth [2012/10/31 12:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC [2012/10/18 18:07:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/05/21 01:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep [2012/06/15 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D561F0001130CA00002367D151FC84 [2012/06/28 17:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\foldit [2010/08/22 01:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon [2010/07/15 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software [2009/03/29 14:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\intermorphic [2006/09/09 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lucasarts [2008/02/01 19:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX [2007/10/05 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2012/10/31 10:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2007/10/15 17:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2008/12/22 18:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/09/20 17:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon [2006/05/25 17:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norbyte [2008/02/24 16:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks [2006/06/13 18:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2010/07/18 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2006/10/03 15:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2006/11/15 17:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft [2011/06/16 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver [2006/06/13 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2012/02/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2010/10/07 04:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock [2011/04/07 09:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006/05/27 09:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2010/10/03 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve [2010/07/06 00:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames [2009/02/19 14:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2010/10/07 04:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4CC9FFD0-2293-494C-9203-C26692235753} [2012/10/18 17:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Anvisoft [2012/10/18 18:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\AVG2013 [2006/05/21 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\AVG7 [2006/05/19 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\BullGuard [2009/03/29 13:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\com.zipeg [2008/07/03 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Cycling '74 [2009/03/29 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\data [2006/09/24 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Ice Age 2 Demo [2008/01/27 14:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\ImageBadger [2008/04/17 07:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Leadertech [2008/07/04 15:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\MAGIX [2007/12/27 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Mattel [2008/12/22 18:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\NCH Swift Sound [2009/10/15 08:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\SuperDonate [2006/09/12 17:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Template [2012/10/18 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\TuneUp Software [2006/05/27 10:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Ulead Systems ========== Purity Check ========== Quote
plumtast Posted October 31, 2012 Author Posted October 31, 2012 ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/07/28 15:35:12 | 005,922,952 | ---- | M] (Hewlett Packard) -- C:\640-enu-xpinfu.exe [2009/01/01 13:23:39 | 000,000,035 | ---- | M] () -- C:\aa.txt [2012/10/29 21:47:23 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012/10/30 19:34:48 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R2].txt [2012/10/30 21:09:00 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R3].txt [2012/10/30 21:15:56 | 000,002,072 | ---- | M] () -- C:\AdwCleaner[R4].txt [2012/10/30 21:16:33 | 000,002,072 | ---- | M] () -- C:\AdwCleaner[R5].txt [2012/10/30 21:11:47 | 000,031,779 | ---- | M] () -- C:\AdwCleaner[s1].txt [2012/10/30 21:14:05 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[s2].txt [2012/10/30 21:15:13 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[s3].txt [2012/10/30 21:16:19 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[s4].txt [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2006/06/19 16:48:58 | 012,242,639 | ---- | M] () -- C:\AVG7QT.DAT [2010/08/01 00:39:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006/10/17 14:52:45 | 000,002,956 | ---- | M] () -- C:\dd.jpg [2010/10/29 17:14:05 | 000,000,144 | ---- | M] () -- C:\error.log [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2006/07/28 14:04:40 | 000,024,576 | ---- | M] () -- C:\igBrowse.exe [2006/09/19 16:19:16 | 000,000,486 | ---- | M] () -- C:\igLoader_Log.txt [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2005/11/25 09:00:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/10/05 16:46:03 | 000,000,846 | ---- | M] () -- C:\LogFile.log [2010/10/29 17:14:05 | 000,015,843 | ---- | M] () -- C:\menu.log [2005/11/25 09:00:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/08/10 12:41:52 | 000,026,624 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/30 22:49:32 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/10/31 12:06:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2008/02/14 16:35:37 | 000,051,891 | ---- | M] () -- C:\playground.log [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2012/10/17 19:21:08 | 000,001,064 | ---- | M] () -- C:\VETlog.txt [2006/07/28 15:23:39 | 013,706,152 | ---- | M] () -- C:\zlsSetup_65_731_000_en.exe [7 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp054.dll [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012/10/08 20:45:06 | 000,059,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\8b780ee2e5d8e336.sys [2006/04/13 00:04:39 | 000,021,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HPZius12.sys [2004/08/03 21:41:48 | 000,220,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys [2004/08/03 21:41:50 | 000,685,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfcxts2.sys [2004/08/03 21:41:56 | 001,041,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys [2004/09/29 22:35:30 | 000,219,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys [2004/09/29 22:34:24 | 000,702,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys [2004/09/29 22:33:50 | 001,036,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSF_DP.sys [2009/10/20 16:20:16 | 000,265,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\http.sys [2008/04/13 18:41:22 | 000,008,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i2omgmt.sys [2008/04/13 18:41:22 | 000,018,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i2omp.sys [2008/04/13 19:18:00 | 000,052,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i8042prt.sys [2004/04/20 10:13:00 | 000,472,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008/04/13 18:40:58 | 000,042,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\imapi.sys [2001/08/17 13:52:08 | 000,016,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ini910u.sys [2008/04/13 18:40:29 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelide.sys [2008/04/13 18:31:32 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelppm.sys [2008/04/13 18:53:34 | 000,036,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ip6fw.sys [2004/08/04 12:00:00 | 000,032,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys [2008/04/13 18:57:07 | 000,020,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipinip.sys [2008/04/13 18:57:15 | 000,152,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipnat.sys [2008/04/13 19:19:42 | 000,075,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipsec.sys [2008/04/13 18:54:28 | 000,011,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\irenum.sys [2008/04/13 18:36:41 | 000,037,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\isapnp.sys [2008/04/13 18:39:47 | 000,024,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kbdclass.sys [2008/04/13 18:45:09 | 000,172,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kmixer.sys [2008/04/13 19:16:36 | 000,141,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ks.sys [2009/06/24 11:18:41 | 000,092,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ksecdd.sys [2005/02/05 07:00:00 | 000,085,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\m5287.sys [2004/12/01 10:49:00 | 000,051,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\m5289.sys [2004/08/04 12:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mcd.sys [2004/03/17 19:04:14 | 000,013,059 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys [2008/04/13 18:36:41 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mf.sys [2004/08/04 12:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mnmdd.sys [2008/04/13 19:00:19 | 000,030,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\modem.sys [2001/08/17 12:57:38 | 000,016,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MODEMCSA.sys [2008/04/13 18:39:47 | 000,023,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouclass.sys [2001/08/17 12:48:00 | 000,012,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouhid.sys [2008/04/13 18:39:46 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mountmgr.sys [2001/08/17 13:52:12 | 000,017,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mraid35x.sys [2008/04/13 18:32:44 | 000,180,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxdav.sys [2011/07/15 13:29:31 | 000,456,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys [2008/04/13 18:46:09 | 000,051,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msdv.sys [2008/04/13 18:32:39 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msfs.sys [2008/04/13 18:56:32 | 000,035,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msgpc.sys [2008/04/13 18:39:52 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mskssrv.sys [2001/08/17 13:00:04 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msmpu401.sys [2008/04/13 18:39:50 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspclock.sys [2008/04/13 18:39:51 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspqm.sys [2008/04/13 18:36:46 | 000,015,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mssmbios.sys [2008/04/13 18:39:50 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mstee.sys [2004/08/03 21:41:40 | 000,126,686 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys [2004/08/03 21:41:38 | 001,309,184 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlstrm.sys [2004/08/03 21:29:38 | 000,452,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtxparhm.sys [2011/04/21 13:37:43 | 000,105,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mup.sys [2008/04/13 18:43:55 | 000,012,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mutohpen.sys [2008/04/13 18:46:25 | 000,085,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nabtsfec.sys [2008/04/13 19:20:37 | 000,182,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys [2008/04/13 18:46:22 | 000,010,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisip.sys [2011/07/08 14:02:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndistapi.sys [2008/04/13 18:55:58 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisuio.sys [2008/04/13 19:20:42 | 000,091,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndiswan.sys [2010/11/02 15:17:02 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndproxy.sys [2008/04/13 18:56:02 | 000,034,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbios.sys [2008/04/13 19:21:00 | 000,162,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbt.sys [2008/04/13 18:51:25 | 000,061,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nic1394.sys [2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nikedrv.sys [2008/04/13 18:53:09 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nmnt.sys [2003/04/04 14:07:20 | 000,030,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npf.sys [2008/04/13 18:32:39 | 000,030,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npfs.sys [2008/04/13 19:15:53 | 000,574,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntfs.sys [2004/08/03 21:41:40 | 000,180,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys [2004/08/04 12:00:00 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\null.sys [2004/08/03 21:29:56 | 001,897,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nv4_mini.sys [2005/07/26 06:01:56 | 000,415,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvapu.sys [2005/07/26 06:02:36 | 000,066,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvarm.sys [2005/07/26 05:58:30 | 000,053,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvax.sys [2006/04/14 19:09:04 | 000,034,176 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\NVENETFD.sys [2005/07/26 06:02:38 | 000,923,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvmcp.sys [2006/04/14 19:09:06 | 000,013,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnetbus.sys [2006/04/14 19:08:46 | 000,305,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnrm.sys [2006/04/14 19:08:32 | 000,222,720 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvsnpu.sys [2004/08/04 12:00:00 | 000,012,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys [2004/08/04 12:00:00 | 000,032,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys [2008/04/13 18:56:06 | 000,088,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys [2004/08/04 12:00:00 | 000,063,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnknb.sys [2004/08/04 12:00:00 | 000,055,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys [2008/04/13 18:46:18 | 000,061,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ohci1394.sys [2004/08/04 12:00:00 | 000,003,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oprghdlr.sys [2003/04/29 00:31:18 | 000,051,169 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\OXSER.SYS [2004/09/02 09:02:44 | 001,475,328 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p2usbwdm.sys [2008/04/13 18:31:31 | 000,042,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p3.sys [2008/04/13 18:40:10 | 000,080,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parport.sys [2008/04/13 18:40:49 | 000,019,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\partmgr.sys [2004/08/04 12:00:00 | 000,006,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parvdm.sys [2008/04/13 18:36:44 | 000,068,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pci.sys [2001/08/17 13:51:52 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciide.sys [2008/04/13 18:40:29 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciidex.sys [2008/04/13 18:36:43 | 000,120,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pcmcia.sys [2001/08/17 14:07:40 | 000,027,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\perc2.sys [2001/08/17 14:07:42 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\perc2hib.sys [2010/07/17 02:34:34 | 000,137,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PnkBstrK.sys [2008/04/13 19:19:41 | 000,146,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\portcls.sys [2008/04/13 18:31:30 | 000,035,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\processr.sys [2008/04/13 18:56:38 | 000,069,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\psched.sys [2004/08/04 12:00:00 | 000,017,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ptilink.sys [2010/03/31 01:58:04 | 000,044,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PxHelp20.sys [2001/08/17 13:52:20 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1080.sys [2001/08/17 13:52:16 | 000,033,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql10wnt.sys [2001/08/17 13:52:20 | 000,045,312 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql12160.sys [2001/08/17 13:52:16 | 000,040,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1240.sys [2001/08/17 13:52:18 | 000,049,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1280.sys [2004/08/04 12:00:00 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasacd.sys [2008/04/13 19:19:43 | 000,051,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasl2tp.sys [2008/04/13 18:57:32 | 000,041,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspppoe.sys [2008/04/13 19:19:48 | 000,048,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspptp.sys [2004/08/04 12:00:00 | 000,016,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspti.sys [2004/08/04 12:00:00 | 000,034,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rawwan.sys [2008/04/13 19:28:39 | 000,175,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdbss.sys [2004/08/04 12:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpcdd.sys [2008/04/13 18:32:51 | 000,196,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpdr.sys [2012/05/02 13:46:36 | 000,139,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpwd.sys [2004/08/03 21:41:40 | 000,013,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\recagent.sys [2008/04/13 18:40:27 | 000,057,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\redbook.sys [2008/04/13 18:46:32 | 000,059,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rfcomm.sys [2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rio8drv.sys [2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\riodrv.sys [2008/05/08 14:02:52 | 000,203,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rmcast.sys [2008/04/13 18:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismp.sys [2008/04/13 18:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismpx.sys [2004/08/04 12:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rootmdm.sys [2010/05/27 13:52:12 | 000,829,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rt2870.sys [2009/06/12 17:21:40 | 000,500,096 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rt61.sys [2004/08/03 21:29:52 | 000,166,912 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\s3gnbm.sys [2008/04/13 18:40:30 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\scsiport.sys [2009/04/21 14:31:10 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Scutum50.sys [2008/04/13 18:36:44 | 000,079,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sdbus.sys [2007/11/13 10:25:53 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\secdrv.sys [2008/04/13 18:40:12 | 000,015,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serenum.sys [2008/04/13 19:15:45 | 000,064,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serial.sys [2008/04/13 18:40:47 | 000,011,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffdisk.sys [2008/04/13 18:40:48 | 000,010,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys [2008/04/13 18:40:47 | 000,011,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_sd.sys [2008/04/13 18:40:48 | 000,011,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sfloppy.sys [2004/02/11 12:29:34 | 000,048,076 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Sio9502k.sys [2008/04/13 18:36:39 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sisagp.sys [2004/03/23 09:26:22 | 000,048,556 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SktBt2k.sys [2008/04/13 18:46:23 | 000,011,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slip.sys [2004/08/03 21:41:42 | 000,129,535 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnt7554.sys [2004/08/03 21:41:44 | 000,404,990 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slntamr.sys [2004/08/03 21:41:46 | 000,095,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnthal.sys [2004/08/03 21:41:46 | 000,013,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slwdmsup.sys [2008/04/13 18:36:34 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smbali.sys [2004/08/04 12:00:00 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smclib.sys [2008/04/13 18:46:07 | 000,025,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonydcam.sys [2001/11/05 08:23:14 | 000,006,097 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcb.sys [2001/11/05 08:23:20 | 000,038,739 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcc.sys [2001/11/05 08:23:52 | 000,299,923 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcs.sys [2002/10/15 21:41:06 | 000,102,220 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonypvs1.sys [2001/08/17 12:56:16 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS [2001/08/17 14:07:44 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sparrow.sys [2008/04/13 18:45:07 | 000,006,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\splitter.sys [2008/04/13 18:36:52 | 000,073,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sr.sys [2011/02/17 13:18:03 | 000,357,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\srv.sys [2008/04/13 18:45:15 | 000,049,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\stream.sys [2008/04/13 18:46:21 | 000,015,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\streamip.sys [2008/04/13 18:39:53 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swenum.sys [2008/04/13 18:45:09 | 000,056,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 14:07:34 | 000,016,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\symc810.sys [2001/08/17 14:07:36 | 000,032,640 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\symc8xx.sys [2001/08/17 14:07:40 | 000,028,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sym_hi.sys [2001/08/17 14:07:42 | 000,030,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sym_u3.sys [2008/04/13 19:15:55 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sysaudio.sys [2008/04/13 18:40:50 | 000,014,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tape.sys [2008/06/20 11:51:12 | 000,361,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip.sys [2010/02/11 12:02:15 | 000,226,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip6.sys [2008/04/13 19:00:05 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdi.sys [2008/04/14 00:13:20 | 000,012,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdpipe.sys [2008/04/14 00:13:21 | 000,021,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2008/04/14 00:13:20 | 000,040,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\termdd.sys [2004/08/04 12:00:00 | 000,051,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosdvd.sys [2001/08/17 13:51:56 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\toside.sys [2004/08/04 12:00:00 | 000,021,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tsbvcap.sys [2008/04/13 18:56:01 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tunmp.sys [2008/04/13 18:36:40 | 000,044,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\uagp35.sys [2008/04/13 18:32:36 | 000,066,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\udfs.sys [2001/08/17 13:52:22 | 000,036,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ultra.sys [2008/04/13 18:39:46 | 000,384,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\update.sys [2008/04/13 18:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023.sys [2008/04/13 18:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023x.sys [2008/04/13 18:45:40 | 000,025,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd.sys [2008/04/13 18:45:41 | 000,025,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd2.sys [2008/04/13 18:45:39 | 000,032,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbccgp.sys [2001/08/17 13:03:02 | 000,004,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbd.sys [2008/04/13 18:45:35 | 000,030,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbehci.sys [2008/04/13 18:45:37 | 000,059,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbhub.sys [2008/04/13 18:45:43 | 000,015,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbintel.sys [2001/05/07 10:56:02 | 000,019,805 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbio.sys [2008/04/13 18:45:35 | 000,017,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbohci.sys [2008/04/13 18:45:36 | 000,143,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbport.sys [2008/04/13 18:47:37 | 000,025,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbprint.sys [2008/04/13 18:45:34 | 000,015,104 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbscan.sys [2008/04/13 18:45:38 | 000,026,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbstor.sys [2008/04/13 18:46:20 | 000,121,984 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbvideo.sys [2010/06/26 12:43:26 | 000,102,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys [2005/07/30 06:21:32 | 000,011,988 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vbtenum.sys [2004/10/19 12:37:38 | 000,061,312 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VComm.sys [2006/02/28 15:57:22 | 000,084,836 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VcommMgr.sys [2004/08/04 12:00:00 | 000,058,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vdmindvd.sys [2008/04/13 18:44:40 | 000,020,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vga.sys [2005/07/29 15:21:48 | 000,011,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VHIDMini.sys [2008/04/13 18:36:40 | 000,042,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaagp.sys [2008/04/13 18:40:31 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaide.sys [2004/03/29 12:45:00 | 000,073,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viamraid.sys [2008/04/13 18:44:40 | 000,081,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\videoprt.sys [2008/04/13 18:41:01 | 000,052,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys [2008/04/13 18:43:55 | 000,014,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wacompen.sys [2004/08/03 21:29:40 | 000,011,807 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys [2004/08/03 21:29:40 | 000,011,295 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys [2004/08/03 21:29:42 | 000,011,871 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv09nt.sys [2004/08/03 21:29:42 | 000,011,935 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv11nt.sys [2008/04/13 18:57:21 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wanarp.sys [2004/08/03 21:29:46 | 000,022,271 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv06nt.sys [2004/08/03 21:29:46 | 000,025,471 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv10nt.sys [2008/04/13 19:17:18 | 000,083,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdmaud.sys [2004/08/04 12:00:00 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wmilib.sys [2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys [2003/07/04 01:58:34 | 000,063,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wssbtr1f.sys [2008/04/13 18:46:24 | 000,019,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wstcodec.sys [2006/09/28 18:55:50 | 000,077,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfPf.sys [2006/09/28 19:00:34 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfRd.sys [2005/08/17 13:43:26 | 000,329,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ZD1211BU.SYS [2004/10/25 12:40:58 | 000,017,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ZDPSp50.sys [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ] < %systemroot%\system32\*.exe /lockedfiles > [2012/05/04 12:32:19 | 002,026,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ntkrnlpa.exe [17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2005/11/25 08:53:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005/11/25 08:53:37 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005/11/25 08:53:37 | 000,868,352 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > [2006/06/18 16:42:58 | 000,299,078 | ---- | M] () -- C:\Program Files\10131610.cab [2006/06/18 16:01:15 | 007,914,851 | ---- | M] () -- C:\Program Files\Christmas Pinball.exe [2006/06/18 15:56:12 | 000,863,616 | ---- | M] () -- C:\Program Files\Epic Pinball.zip [2006/06/17 17:56:55 | 002,053,688 | ---- | M] (Google) -- C:\Program Files\GoogleDesktopSetup.exe [2006/06/15 15:29:32 | 037,311,488 | ---- | M] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe [2006/06/18 16:14:10 | 001,002,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\JournalViewer1.5_KB886179_ENU.exe [2006/06/15 15:37:24 | 017,357,552 | ---- | M] (The LEGO Group) -- C:\Program Files\Lego Designer.exe [2006/06/18 16:13:20 | 002,931,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE [2006/06/18 16:22:42 | 001,638,400 | ---- | M] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi [2006/06/18 16:23:47 | 006,571,008 | ---- | M] () -- C:\Program Files\Nile_Theme_EN.msi [2006/06/15 16:12:21 | 001,062,523 | ---- | M] () -- C:\Program Files\Peps Football Pinball Game.zip [2006/06/18 16:24:58 | 000,163,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe [2006/06/18 16:11:19 | 001,389,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe [2006/06/18 16:09:55 | 000,330,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe [2006/06/18 16:10:48 | 000,480,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE [2006/06/18 16:18:42 | 005,566,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\vviewer.exe [2006/06/18 16:16:00 | 002,176,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows-KB890830-V1.17.exe [2006/06/18 16:26:51 | 000,518,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB884020-x86-enu.exe [2006/06/18 16:15:14 | 004,659,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB908531-v2-x86-ENU.exe [2006/06/18 16:19:59 | 003,830,526 | ---- | M] () -- C:\Program Files\WM Components 2.0.2.dmg [2006/06/15 16:29:15 | 024,070,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.) ========== Alternate Data Streams ========== @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029666E0 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report > Quote
plumtast Posted October 31, 2012 Author Posted October 31, 2012 ================================================= Extras Log: OTL Extras logfile created on: 31/10/2012 12:15:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.48 Mb Total Physical Memory | 486.04 Mb Available Physical Memory | 47.49% Memory free 2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.18% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.36 Gb Total Space | 84.97 Gb Free Space | 37.05% Space Free | Partition Type: NTFS Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: MESH | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 "{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008 "{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help "{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD "{2B8151AE-7D9A-4A1C-8C94-CBCC7A45BB23}" = AVG 2013 "{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0 "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK "{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center "{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot "{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English) "{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3 "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig "{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100 "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11] "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer "{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari "{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4 "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1 "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester "{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card "{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2 "Adobe AIR" = Adobe AIR "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIMars" = Kids Cam Sticker Factory "Akamai" = Akamai NetSession Interface Service "Alien Arena 2010_is1" = Alien Arena 2010 "All ATI Software" = ATI - Software Uninstall Utility "Alpha 3" = Alpha 3 "AnalogX SayIt" = AnalogX SayIt "Anvi Smart Defender" = Anvi Smart Defender 1.6 "Apache Havoc" = Apache Havoc "Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1 "Artillery2 CM Edition" = Artillery2 CM Edition "ASIO4ALL" = ASIO4ALL "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AVG" = AVG 2013 "AviSynth" = AviSynth 2.5 "Battleships Forever_is1" = Battleships Forever v0.90d "BRACX2_is1" = Bratz Activity Centre "Build Your Own Net Dream" = Build Your Own Net Dream (remove only) "CCleaner" = CCleaner "CE Launcher_is1" = 1.0 "Chain Reaction Demo" = Chain Reaction Demo (remove only) "CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem "Collab" = Collab "Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "CopernicDesktopSearch2" = Copernic Desktop Search - Home "CutePDF Writer Installation" = CutePDF Writer 2.8 "Defraggler" = Defraggler "DivX Content Uploader" = DivX Content Uploader "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "DJ Mix Pro" = DJ Mix Pro "DLDIrc" = DLDIrc "Doctor.scr" = Doctor ScreenSaver "dreamDeals Plugin_is1" = dreamDeals Plugin 1.0 "Electric Sheep" = Electric Sheep 2.7b26 "eMule" = eMule "Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder) "Expression Tone Generator" = Expression Tone Generator "Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0 "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition "FL Studio 8" = FL Studio 8 "FlightGear_is1" = FlightGear v1.0.0 "foldit" = foldit "Frets on Fire" = Frets On Fire "Frontier Compute Engine" = Frontier Compute Engine "GamersFirst LIVE!" = GamersFirst LIVE! "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HammerHead Rhythm Station" = HammerHead Rhythm Station "HF_screensaver" = HF_screensaver "HP Document Viewer" = HP Document Viewer 7.0 "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "iF/A-18" = iF/A-18 Carrier Strike Fighter "igLoader" = igLoader "IL Download Manager" = IL Download Manager "Impulse" = Impulse "InstallShield_{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO "InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "InterActual Player" = InterActual Player "Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5 "IrfanView" = IrfanView (remove only) "KartRider" = ????? "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14 "LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0 "Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0 "MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mnemosyne_is1" = Mnemosyne 1.2.2 "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Muddle Earth" = Muddle Earth Screen Saver "MultiGen" = MultiGen "Music Editing System" = Music Editing System "Net Snippets" = Net Snippets "NetBattle_is1" = NetBattle "Nimbuzz" = Nimbuzz 1.5.0 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "oggcodecs" = oggcodecs 0.71.0946 "Onelog_Client_1.0" = MultiResource Client 2.8.0.11 "OpenAL" = OpenAL "Orb" = Orb "PoiZone" = PoiZone "Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53) "POL Map editor" = POL Map editor "Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4 "PunkBusterSvc" = PunkBuster Services "Puzzle Pirates" = Puzzle Pirates "Reaktor Demo" = Reaktor Demo "RealPlayer 6.0" = RealPlayer "ReCycle Demo_is1" = ReCycle Demo 2.1.2 "RiseOfNationsExpansion 1.0" = Rise of Nations "Sandlot Games Client Services_is1" = Sandlot Games Client Services "ST6UNST #1" = Bedfordshire Prime "ST6UNST #2" = ER- 0 Drum Synth "Starsiege TRIBES" = Starsiege TRIBES 1.8 "Steam App 11910" = Lumines Demo "Steam App 13140" = America's Army 3 "Steam App 1502" = Darwinia Demo "Steam App 18610" = Mayhem Intergalactic Demo "Steam App 18710" = And Yet it Moves - Demo "Steam App 18800" = Zero Gear Demo "Steam App 20720" = Starscape Demo "Steam App 21510" = Pyroblazer Demo "Steam App 219" = Half-Life 2: Demo "Steam App 22220" = Zeno Clash Demo "Steam App 22620" = Alien Breed: Impact Demo "Steam App 23480" = Ceville - Demo "Steam App 26810" = Braid Demo "Steam App 2730" = ThreadSpace: Hyperbol Demo "Steam App 29110" = Retro/Grade IGF Demo "Steam App 29140" = Between IGF Demo "Steam App 29170" = Blueberry Garden Demo "Steam App 29200" = Osmos Demo "Steam App 32159" = Everyday Genius: SquareLogic Demo "Steam App 3412" = Heavy Weapon Deluxe Demo "Steam App 3483" = Peggle Extreme "Steam App 34930" = Razor2: Hidden Skies - Demo "Steam App 35710" = Trine Demo "Steam App 36920" = All Aspects of Warfare - Demo "Steam App 37510" = Magnetis Demo "Steam App 37810" = QuantZ Demo "Steam App 3840" = Psychonauts Demo "Steam App 38910" = Rhythm Zone - Demo "Steam App 40430" = Tidalis Demo "Steam App 40710" = Machinarium Demo "Steam App 410" = Portal: First Slice "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41020" = Serious Sam HD: The First Encounter Demo "Steam App 41220" = Eufloria - Demo "Steam App 42510" = Dogfighter Demo "Steam App 4330" = Star Trek: D·A·C - Demo "Steam App 44205" = Galcon Fusion Demo "Steam App 45430" = Fortix - Demo "Steam App 46010" = Bob Came in Pieces Demo "Steam App 4610" = Full Pipe Demo "Steam App 46610" = Swarm Arena Demo "Steam App 480" = Spacewar "Steam App 57210" = Puzzle Dimension Demo "Steam App 58220" = Jolly Rover Demo "Steam App 58410" = Turba Demo "Steam App 6110" = Eets Demo "Steam App 70310" = VVVVVV Demo "Steam App 70410" = Recettear: An Item Shop's Tale - Demo "Steam App 70910" = Star Ruler - Demo "Steam App 8900" = Freedom Force - Demo "Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo "Steam App 92" = Codename Gordon "Steam App 9950" = Blade Kitten Demo "Synaesthete_is1" = Synaesthete (v1.0) "SystemRequirementsLab" = System Requirements Lab "Tremulous" = Tremulous 1.1.0 "Tribes 2" = Tribes 2 "Ultrafighters" = Ultrafighters "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent "Vimidi_is1" = Vimidi 1.0 "Virtools3DLifePlayer" = Virtools 3D Life Player "Warp Pipe" = Warp Pipe Beta "WarZone Client v1.0.44" = WarZone Client v1.0.44 "WavePad" = WavePad Sound Editor "WFCStatus" = WFCStatus 1.5.0.10 "Wii Video 9" = Wii Video 9 2.25 "WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 3.0 "WinZip" = WinZip "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Pokemon - Den of Ages" = Pokemon - Den of Ages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29/10/2012 08:24:23 | Computer Name = MESH | Source = PerfNet | ID = 2006 Description = Unable to read Server Queue performance data from the Server service. No Server Queue performance data will be returned in this sample. Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2. Error - 29/10/2012 13:09:28 | Computer Name = MESH | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 30/10/2012 04:47:16 | Computer Name = MESH | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 30/10/2012 04:49:54 | Computer Name = MESH | Source = BOINC | ID = 1 Description = Error - 30/10/2012 15:16:50 | Computer Name = MESH | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 30/10/2012 15:22:21 | Computer Name = MESH | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x456713e8. Error - 30/10/2012 15:22:29 | Computer Name = MESH | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 30/10/2012 15:25:08 | Computer Name = MESH | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 31/10/2012 05:43:12 | Computer Name = MESH | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 31/10/2012 06:18:14 | Computer Name = MESH | Source = Ci | ID = 4118 Description = A content scan could not be completed on c:\. [ System Events ] Error - 31/10/2012 05:45:15 | Computer Name = MESH | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim MpFilter Error - 31/10/2012 05:51:08 | Computer Name = MESH | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 31/10/2012 06:09:12 | Computer Name = MESH | Source = Service Control Manager | ID = 7000 Description = The MBAMSwissArmy service failed to start due to the following error: %%31 Error - 31/10/2012 06:09:34 | Computer Name = MESH | Source = Service Control Manager | ID = 7000 Description = The MBAMSwissArmy service failed to start due to the following error: %%31 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7000 Description = The AntiMalware Host-based Intrusion Prevention System service failed to start due to the following error: %%31 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7000 Description = The AnviSmartDefender Web Guard service failed to start due to the following error: %%31 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7001 Description = The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: %%31 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7023 Description = The Anvi Smart Defender Realtime Guard Service service terminated with the following error: %%2 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim MpFilter < End of report > ====================================== mbam log: Malwarebytes Anti-Malware 1.65.1.1000 http://www.malwarebytes.org Database version: v2012.10.31.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 :: MESH [administrator] 31/10/2012 10:11:57 mbam-log-2012-10-31 (10-11-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 421519 Time elapsed: 1 hour(s), 35 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EA4FD1-CADE-4AE5-84F7-086EEE888BE4} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480\386C33D85747E24000B1386B834FC480.exe (Trojan.LameShield.SIN) -> Quarantined and deleted successfully. C:\Documents and Settings\visitor\My Documents\Downloads\installer_gravity_bone.exe (PUP.BundleInstaller.PHP) -> Quarantined and deleted successfully. C:\Documents and Settings\visitor\My Documents\Downloads\SkipScreen-Setup.exe (PUP.Zugo) -> Quarantined and deleted successfully. C:\Program Files\Internet Explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mstsrate.dll (Trojan.Fakeroot) -> Quarantined and deleted successfully. C:\Documents and Settings\visitor\Local Settings\Temp\3575359.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\visitor\kedxalekcyfy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\visitor\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully. (end) Quote
Starbuck Posted October 31, 2012 Posted October 31, 2012 (edited) Hi plumtast I've removed my last post about running Combofix in Safe Mode. We need to address something else first: The following programs Must be removed: J2SE Runtime Environment 5.0 Update 1 J2SE Runtime Environment 5.0 Update 7 J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java 6 Update 35 Reboot the system when these have been removed. Do NOT remove: Java 7 Update 9 Also please remove: Anvi Smart Defender We all like getting something for free, but relying on Anvi Smart Defender for antivirus could be an expensive proposition. In testing, it proved almost wholly unable to cleanup malware threats and also did a very poor job preventing malware attacks on a clean system. Worse, it repeatedly identified perfectly valid Windows files as malware. You've been warned; stay away. It also contains an Anti Virus... so it needs to be removed to stop conflicts. It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials. Entirely up to you which you remove. But if you do need a recommendation.... get rid of AVG and keep MSSE. When all this is done.... try running Combofix again. Edited October 31, 2012 by Starbuck Quote Member of:UNITE
plumtast Posted November 1, 2012 Author Posted November 1, 2012 Hi plumtast I've removed my last post about running Combofix in Safe Mode. We need to address something else first: The following programs Must be removed: J2SE Runtime Environment 5.0 Update 1 J2SE Runtime Environment 5.0 Update 7 J2SE Runtime Environment 5.0 Update 9 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java 6 Update 35 Reboot the system when these have been removed. Do NOT remove: Java 7 Update 9 Also please remove: Anvi Smart Defender It also contains an Anti Virus... so it needs to be removed to stop conflicts. It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials. Entirely up to you which you remove. But if you do need a recommendation.... get rid of AVG and keep MSSE. When all this is done.... try running Combofix again. ===================================== Ok, many thanks for that. Combofix log: ComboFix 12-10-31.03 - 31/10/2012 21:02:29.1.2 - x86 NETWORKMicrosoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.753 [GMT 0:00] Running from: c:\documents and settings\\Desktop\ComboFi.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\n\My Documents\~WRL1282.tmp c:\documents and settings\n\My Documents\~WRL1422.tmp c:\documents and settings\\My Documents\~WRL1425.tmp c:\documents and settings\\My Documents\~WRL1477.tmp c:\documents and settings\\My Documents\~WRL1743.tmp c:\documents and settings\\My Documents\~WRL1894.tmp c:\documents and settings\\My Documents\~WRL1962.tmp c:\documents and settings\\My Documents\~WRL2216.tmp c:\documents and settings\\My Documents\~WRL2388.tmp c:\documents and settings\\My Documents\~WRL2511.tmp c:\documents and settings\\My Documents\~WRL2614.tmp c:\documents and settings\\My Documents\~WRL2733.tmp c:\documents and settings\\My Documents\~WRL2833.tmp c:\documents and settings\\My Documents\~WRL3051.tmp c:\documents and settings\\My Documents\~WRL3286.tmp c:\documents and settings\\My Documents\~WRL3645.tmp c:\documents and settings\\My Documents\~WRL3979.tmp c:\documents and settings\\WINDOWS c:\documents and settings\\WINDOWS c:\documents and settings\\WINDOWS C:\install.exe c:\program files\JournalViewer1.5_KB886179_ENU.exe c:\program files\Windows-KB890830-V1.17.exe c:\program files\WindowsXP-KB884020-x86-enu.exe c:\program files\WindowsXP-KB908531-v2-x86-ENU.exe c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\INSTALL.LOG c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\program files\WinPCap\Uninstall.exe C:\VDM1AC.tmp C:\VDM1AD.tmp C:\VDM1B0.tmp C:\VDM1B1.tmp C:\VDM1B4.tmp C:\VDM1B5.tmp c:\windows\apppatch\AppLoc.exe c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@ c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@ c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@ c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@ c:\windows\pthreadGC2.dll c:\windows\system32\drivers\8b780ee2e5d8e336.sys c:\windows\system32\html c:\windows\system32\html\blank.htm c:\windows\system32\html\bot.htm c:\windows\system32\html\innerframeset.htm c:\windows\system32\html\left.htm c:\windows\system32\html\main.htm c:\windows\system32\html\middle.htm c:\windows\system32\html\rightframeset.htm c:\windows\system32\html\top.htm c:\windows\system32\html\website.htm c:\windows\system32\images c:\windows\system32\images\3models.gif c:\windows\system32\images\but3_off.gif c:\windows\system32\images\but3_on.gif c:\windows\system32\images\main_bot.gif c:\windows\system32\images\main_mid.gif c:\windows\system32\images\main_top.gif c:\windows\system32\images\model1.gif c:\windows\system32\images\panel_bot.gif c:\windows\system32\images\panel_top.gif c:\windows\system32\images\pc.gif c:\windows\system32\images\pcw_award_cover.gif c:\windows\system32\images\pcwcover.gif c:\windows\system32\images\Thumbs.db c:\windows\system32\images\topoff.gif c:\windows\system32\images\topon.gif c:\windows\system32\images\webscreen.gif c:\windows\system32\logs c:\windows\system32\logs\PBIMC c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\SET1B0.tmp c:\windows\system32\SET1CB.tmp c:\windows\system32\SET1CD.tmp c:\windows\system32\SET1DB.tmp c:\windows\system32\SET32.tmp c:\windows\system32\SET3D.tmp c:\windows\system32\SET3E.tmp c:\windows\system32\SET4A.tmp c:\windows\system32\SET4C.tmp c:\windows\system32\SET54.tmp c:\windows\system32\SET56.tmp c:\windows\system32\SET57.tmp c:\windows\system32\SET59.tmp c:\windows\system32\SET5C.tmp c:\windows\system32\SET5E.tmp c:\windows\system32\SET6D.tmp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\wpcap.dll c:\windows\unin0411.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF -------\Legacy_8b780ee2e5d8e336 -------\Service_8b780ee2e5d8e336 . . ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 ))))))))))))))))))))))))))))))) . . 2012-10-31 20:16 . 2012-10-31 20:16 -------- d-----w- c:\documents and settings\visitor\Year Of The Dragon - Busta Rhymes 2012-10-31 20:14 . 2012-10-31 20:14 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Zipeg 2012-10-30 21:11 . 2012-10-30 21:16 678 ----a-w- c:\windows\DeleteOnReboot.bat 2012-10-30 11:15 . 2012-10-30 11:15 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Unity 2012-10-28 16:18 . 2009-08-14 10:20 757852 ----a-w- c:\windows\system32\Scutum.dll 2012-10-28 16:18 . 2009-07-21 10:50 180224 ----a-w- c:\windows\system32\W32N55.dll 2012-10-28 16:18 . 2009-05-11 11:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll 2012-10-28 16:18 . 2008-12-30 16:55 143459 ----a-w- c:\windows\system32\RalinkGina.dll 2012-10-28 16:18 . 2008-09-10 15:55 200704 ----a-w- c:\windows\system32\ssleay32.dll 2012-10-28 16:18 . 2008-09-10 15:55 1085440 ----a-w- c:\windows\system32\libeay32.dll 2012-10-28 16:18 . 2009-06-12 17:21 500096 ----a-w- c:\windows\system32\drivers\rt61.sys 2012-10-28 16:18 . 2012-10-28 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Addon Driver 2012-10-28 16:18 . 2012-10-28 16:18 -------- d-----w- c:\program files\Addon 2012-10-28 11:17 . 2012-10-28 11:17 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Sun 2012-10-26 17:54 . 2012-10-26 17:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-22 20:10 . 2012-10-23 07:09 -------- d-----w- c:\program files\HideAnyWindow 2012-10-18 18:20 . 2012-10-18 18:20 -------- d-----w- c:\documents and settings\\Application Data\AVG2013 2012-10-18 18:16 . 2012-10-18 18:16 -------- d-----w- c:\documents and settings\\Application Data\TuneUp Software 2012-10-18 18:15 . 2012-10-18 18:15 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-18 18:15 . 2012-10-30 21:11 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-10-18 18:13 . 2012-10-18 18:13 -------- d-----w- C:\$AVG 2012-10-18 18:13 . 2012-10-18 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013 2012-10-18 18:12 . 2012-10-18 18:12 -------- d-----w- c:\program files\AVG 2012-10-18 18:07 . 2012-10-31 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-10-18 18:07 . 2012-10-18 18:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-10-18 18:07 . 2012-10-18 18:07 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\MFAData 2012-10-18 18:07 . 2012-10-18 18:07 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Avg2013 2012-10-18 17:28 . 2012-10-18 17:28 -------- d-----w- c:\documents and settings\\Application Data\Malwarebytes 2012-10-18 17:27 . 2012-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-10-18 17:27 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-18 17:27 . 2012-10-18 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-18 17:02 . 2012-10-18 17:02 -------- d-----w- c:\documents and settings\\Application Data\Anvisoft 2012-10-18 17:01 . 2012-08-20 09:23 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys 2012-10-18 17:01 . 2012-08-20 09:23 14160 ----a-w- c:\windows\system32\drivers\asdws.sys 2012-10-18 17:01 . 2012-10-18 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft 2012-10-18 17:01 . 2012-08-20 09:23 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys 2012-10-18 17:01 . 2012-10-18 17:01 -------- d-----w- c:\program files\Anvisoft 2012-10-17 20:50 . 2012-10-17 20:50 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\PCHealth 2012-10-17 20:11 . 2012-10-17 20:11 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Mozilla 2012-10-17 19:55 . 2012-10-17 19:55 -------- d-----w- c:\program files\Zone Labs 2012-10-17 19:17 . 2012-10-17 21:04 -------- d-----w- c:\documents and settings\dfgs 2012-10-17 18:04 . 2012-10-17 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\386C33D85747E24000B1386B834FC480 2012-10-13 19:42 . 2012-10-13 20:00 -------- d-----w- c:\documents and settings\visitor\safester_temp 2012-10-13 19:38 . 2012-10-13 19:38 -------- d-----w- c:\documents and settings\visitor\.awake 2012-10-13 19:34 . 2012-10-13 19:38 -------- d-----w- c:\documents and settings\visitor\safester_log 2012-10-05 02:26 . 2012-10-05 02:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-26 17:53 . 2012-05-24 15:46 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-26 17:53 . 2012-05-24 15:26 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-26 17:53 . 2010-10-17 15:41 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-08 18:19 . 2012-07-02 18:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 18:19 . 2012-07-02 18:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-21 02:45 . 2012-09-21 02:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-09-13 02:11 . 2012-09-13 02:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2006-06-18 16:24 . 2006-06-18 16:24 163712 ----a-w- c:\program files\pfbackup.exe 2006-06-18 16:23 . 2006-06-18 16:23 6571008 ----a-w- c:\program files\Nile_Theme_EN.msi 2006-06-18 16:22 . 2006-06-18 16:22 1638400 ----a-w- c:\program files\Nature Theme 1 - Animal_EN.msi 2006-06-18 16:18 . 2006-06-18 16:18 5566656 ----a-w- c:\program files\vviewer.exe 2006-06-18 16:13 . 2006-06-18 16:13 2931992 ----a-w- c:\program files\LEO_Setup.EXE 2006-06-18 16:11 . 2006-06-18 16:11 1389120 ----a-w- c:\program files\ppttmpl3.exe 2006-06-18 16:10 . 2006-06-18 16:10 480816 ----a-w- c:\program files\Sounds.EXE 2006-06-18 16:09 . 2006-06-18 16:09 330024 ----a-w- c:\program files\ppttpwiz.exe 2006-06-18 16:01 . 2006-06-18 16:01 7914851 ----a-w- c:\program files\Christmas Pinball.exe 2006-06-17 17:56 . 2006-06-17 17:56 2053688 ----a-w- c:\program files\GoogleDesktopSetup.exe 2006-06-15 16:29 . 2006-06-15 16:29 24070456 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe 2006-06-15 15:37 . 2006-06-15 15:37 17357552 ----a-w- c:\program files\Lego Designer.exe 2006-06-15 15:29 . 2006-06-15 15:29 37311488 ----a-w- c:\program files\iTunesSetup.exe 2012-10-25 18:12 . 2012-10-25 18:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288] "Akamai NetSession Interface"="c:\documents and settings\\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-01-14 110744] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 69721] "Ptipbmf"="ptipbmf.dll" [2003-06-20 118784] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-10 185896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784] "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-08-23 1229104] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\\Start Menu\Programs\Startup\ Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-8-13 155648] WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-24 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Addon Wireless Utility.lnk - c:\program files\Addon\Common\RaUI.exe [2012-10-28 1556480] Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=myokent.dll "midi4"=vmcmidiport.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-06-20 00:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz] 2011-03-01 21:43 7970816 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] 2004-12-20 16:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-12-03 16:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-11-18 12:01 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1265:TCP"= 1265:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASDRM *NewlyCreated* - AVGIDSHX *NewlyCreated* - AVGLDX86 *NewlyCreated* - AVGLOGX *NewlyCreated* - AVGMFX86 *NewlyCreated* - AVGRKX86 *NewlyCreated* - AVGTDIX *NewlyCreated* - AVGTP *NewlyCreated* - WUAUSERV . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 18:19] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 17:13] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 17:13] . 2012-10-31 c:\windows\Tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . 2012-10-31 c:\windows\Tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . 2010-10-03 c:\windows\Tasks\{A8A3D621-80EA-4CA3-B111-70DC422BCB12}_MESH_.job - c:\windows\system32\mobsync.exe [2005-09-09 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{7130DF06-BBC1-4e16-83D4-1F875E65B695} - {F9C00EF7-B192-4609-B2B8-D705ACE341FF} - c:\progra~1\NETSNI~1\NetSnip.dll TCP: DhcpNameServer = 192.168.1.254 DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: 2012-09-23 17:03; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Power2GoExpress - (no file) HKCU-Run-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe SafeBoot-MsMpSvc MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-31 21:37 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1444) c:\windows\system32\myokent.dll c:\windows\system32\vmcmidiport.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(1508) c:\windows\system32\myokent.dll c:\windows\system32\vmcmidiport.dll . - - - - - - - > 'explorer.exe'(3884) c:\windows\system32\WININET.dll c:\windows\system32\myokent.dll c:\windows\system32\vmcmidiport.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\program files\Parabon\Frontier Compute Engine\bin\frontierMon.exe c:\program files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe c:\program files\Parabon\Frontier Compute Engine\bin\frontier.exe c:\program files\Java\jre7\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\Addon\Common\RaRegistry.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\program files\BOINC\boinc.exe c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86 c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86 c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25 c:\program files\ATI Technologies\ATI.ACE\cli.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe c:\documents and settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20 . ************************************************************************** . Completion time: 2012-10-31 22:00:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-31 21:59 . Pre-Run: 91,074,031,616 bytes free Post-Run: 99,897,307,136 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - 11942751D064EA5AF2EFB5E8236BE6D8 Quote
Starbuck Posted November 1, 2012 Posted November 1, 2012 Hi plumtast Thanks for that. Now that those items have been removed and Combofix has been run.... Let's get a fresh Otl report and deal with what is left: Double click on OTL to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. Thanks Quote Member of:UNITE
plumtast Posted November 8, 2012 Author Posted November 8, 2012 Sorry, not been well hence delay in reply. Two posts to follow - 1 with each log. Many thanks! OTL OTL logfile created on: 08/11/2012 20:01:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.48 Mb Total Physical Memory | 455.36 Mb Available Physical Memory | 44.49% Memory free 2.40 Gb Paging File | 1.44 Gb Available in Paging File | 59.90% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 229.36 Gb Total Space | 89.53 Gb Free Space | 39.04% Space Free | Partition Type: NTFS Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: MESH | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25 () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86 () PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 (The Scripps Research Institute and IBM Corporation) PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25 () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86 () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\WINDOWS\system32\DiagFunc.dll () MOD - C:\Program Files\BOINC\cudart.dll () MOD - C:\Program Files\BOINC\zlib1.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll () MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll () MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll () MOD - C:\WINDOWS\system32\vmcmidiport.dll () MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll () ========== Services (SafeList) ========== SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll () SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (CFcatchme) -- C:\DOCUME~1\\LOCALS~1\Temp\CFcatchme.sys File not found DRV - (catchme) -- C:\ComboFi\catchme.sys File not found DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (asdrs) -- C:\WINDOWS\system32\drivers\asdrs.sys (Anvisoft) DRV - (asdrm) -- C:\WINDOWS\system32\drivers\asdrm.sys (Anvisoft) DRV - (asdws) -- C:\WINDOWS\system32\drivers\asdws.sys () DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys (Sun Microsystems, Inc.) DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.) DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation) DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation) DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys () DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation) DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.) DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.) DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms} IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 16:12:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions [2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions [2012/11/01 16:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/01 16:11:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/01 16:12:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2012/10/31 21:37:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.) O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.) O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: internet ([]about in Internet) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class) O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class) O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/08 18:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2012/11/05 10:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempFDFE5C73-D615-8C64-76E1-211BA9DCFA2C-Signatures [2012/11/04 09:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp50C8A26A-3FEA-478A-F4F9-D800502FC839-Signatures [2012/11/04 09:18:45 | 000,000,000 | ---D | C] -- C:\a5dbb2febf5f6f4c8dba390a9f3a [2012/11/01 21:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempDE7E0D27-FB35-C35B-7EA0-A145C4FA2B21-Signatures [2012/11/01 18:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/11/01 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/11/01 18:14:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012/11/01 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/11/01 12:58:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/10/31 21:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/10/31 20:35:52 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/10/31 20:33:50 | 000,000,000 | ---D | C] -- C:\ComboFi [2012/10/31 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Zipeg [2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools [2012/10/31 09:54:53 | 004,991,994 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Unity [2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine [2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll [2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll [2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll [2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll [2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll [2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless [2012/10/28 16:18:38 | 000,500,096 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt61.sys [2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver [2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon [2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun [2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow [2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow [2012/10/18 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\AVG2013 [2012/10/18 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\TuneUp Software [2012/10/18 18:15:37 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/10/18 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/10/18 18:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013 [2012/10/18 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/10/18 18:07:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\MFAData [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013 [2012/10/18 17:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Malwarebytes [2012/10/18 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/10/18 17:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/10/18 17:27:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/10/18 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/10/18 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Anvisoft [2012/10/18 17:01:15 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys [2012/10/18 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft [2012/10/18 17:01:14 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys [2012/10/18 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft [2012/10/18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft [2012/10/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/17 21:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/10/17 20:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\PCHealth [2012/10/17 20:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Mozilla [2012/10/17 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2012/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480 [2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe [2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe [2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE [2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe [2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE [2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe [2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe [2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe [2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe [2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/08 20:11:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job [2012/11/08 19:33:40 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/11/08 19:28:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/11/08 19:19:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/11/08 18:28:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/11/08 17:37:43 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/11/08 17:35:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job [2012/11/08 17:29:45 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/11/08 17:27:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/05 13:30:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/11/02 10:34:10 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/11/01 21:52:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/11/01 14:26:31 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [2012/10/31 21:41:24 | 000,427,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/10/31 21:41:22 | 000,069,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/10/31 21:37:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/10/31 20:32:55 | 004,991,994 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2012/10/18 18:15:14 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/10/18 17:01:15 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk [2012/10/17 20:03:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2012/10/17 19:36:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/05 15:44:24 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/11/05 15:44:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/10/31 20:35:56 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk [2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2012/10/18 18:16:14 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [2012/10/18 17:01:15 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys [2012/10/18 17:01:15 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk [2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/01/30 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI [2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat [2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Application Data\dm.ini [2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab [2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi [2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi [2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg [2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip [2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip [2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat [2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2012/10/17 19:40:46 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@ [2010/12/09 15:15:09 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n [2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L [2012/10/30 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U [2012/10/24 16:41:23 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@ [2012/10/30 19:17:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@ [2012/10/21 09:35:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@ [2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc < End of report > Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.