
[Malware] Infection; MBAM killed, AVG won't work

Hi, I followed all your pre-clean instructions. However, whatever infection is on my PC kills MBAM, even if I rename MBAM.exe to something else. So here are all the logs with the exception of MBAM:
OTL.TXT
=======
OTL logfile created on: 13/10/2011 22:44:34 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Maurice\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.80% Memory free
4.34 Gb Paging File | 3.79 Gb Available in Paging File | 87.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.43 Gb Total Space | 16.01 Gb Free Space | 22.41% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 96.92 Gb Free Space | 41.62% Space Free | Partition Type: NTFS

Computer Name: D5L0WW1J | User Name: Maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found -- C:\WINDOWS\2204794081:511939964.exe PRC - [2011/10/13 22:09:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\OTL.exe PRC - [2011/10/09 00:56:29 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe PRC - [2011/03/31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/11/26 15:54:22 | 001,629,480 | ---- | M] (Nero AG) -- E:\Program Files\LG Nero\Nero 7\InCD\NBHGui.exe PRC - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) -- E:\Program Files\LG Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007/11/26 15:54:02 | 001,057,064 | ---- | M] (Nero AG) -- E:\Program Files\LG Nero\Nero 7\InCD\InCD.exe PRC - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe PRC - [2007/10/05 14:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe PRC - [2007/04/02 05:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe PRC - [2006/01/05 08:58:38 | 000,489,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\CameraAssistant.exe PRC - [2005/12/09 16:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2004/11/01 18:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe PRC - [2004/09/05 18:20:18 | 000,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011/10/09 00:56:29 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2007/10/05 14:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe MOD - [2007/09/17 15:24:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLDOPMON.DLL MOD - [2007/09/17 15:23:13 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\ipcmt.dll MOD - [2007/09/06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldoscw.dll MOD - [2007/08/01 09:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldocfg.dll MOD - [2007/07/18 11:42:20 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldodrpp.dll MOD - [2007/06/11 14:01:29 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\dldooem.dll MOD - [2007/05/03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldodatr.dll MOD - [2007/04/02 05:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe MOD - [2006/12/28 16:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldocats.dll MOD - [2004/09/05 18:20:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\fm30xmf.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (Winferno Subscription Service) SRV - File not found [Auto | Stopped] -- -- (vToolbarUpdater) SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - File not found [Auto | Stopped] -- -- (nsverctl) SRV - File not found [Auto | Stopped] -- -- (NMSAccessU) SRV - File not found [Auto | Stopped] -- -- (MDM) SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv) SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService) SRV - File not found [Auto | Stopped] -- -- (gusvc) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem) SRV - File not found [Auto | Stopped] -- -- (gupdate1c98977f2a8c992) Google Update Service (gupdate1c98977f2a8c992) SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - File not found [Auto | Stopped] -- -- (CCALib8) SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent) SRV - File not found [Auto | Stopped] -- -- (avgfws) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon) SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip) SRV - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- E:\Program Files\LG Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007/10/05 14:30:46 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService) SRV - [2007/10/05 14:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device) SRV - [2007/09/20 21:50:53 | 001,247,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2007/09/17 10:36:18 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Program Files\LG Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2006/12/11 22:16:32 | 000,064,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9) SRV - [2006/12/11 22:16:28 | 000,301,816 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9) SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/10/13 22:39:53 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/10/10 22:34:26 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2010/12/02 15:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/12/02 15:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/12/02 15:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/12/02 15:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/09/30 00:30:13 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver) DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/08/05 10:25:02 | 000,015,896 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD) DRV - [2009/08/03 14:06:52 | 000,129,176 | ---- | M] (Alesis) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlesisFirewire.sys -- (AlesisFirewire) DRV - [2009/08/03 14:06:52 | 000,030,872 | ---- | M] (Alesis) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys -- (AlesisFirewireMidi) DRV - [2009/08/03 14:06:52 | 000,028,184 | ---- | M] (Alesis) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys -- (AlesisFirewireAudio) DRV - [2009/04/23 12:16:34 | 000,073,368 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM) DRV - [2009/02/17 12:17:15 | 000,060,672 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1093.sys -- (RDID1093) DRV - [2008/11/07 22:55:48 | 000,059,553 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdwm1029.sys -- (RDID1029) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/01/18 10:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007/11/26 15:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007/11/26 15:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- 
C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007/11/26 15:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007/07/13 23:43:59 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd) DRV - [2006/11/23 19:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006/11/07 09:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex) DRV - [2006/11/07 09:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM) DRV - [2006/11/07 09:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm) DRV - [2006/11/07 09:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl) DRV - [2006/11/07 09:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM) DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb) DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex) DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC 
Device Management Drivers (WDM) DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm) DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl) DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM) DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) DRV - [2006/07/31 13:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531) DRV - [2006/03/13 16:50:02 | 000,096,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm) DRV - [2006/03/13 16:50:00 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl) DRV - [2006/03/13 16:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM) DRV - [2005/12/09 16:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv) DRV - [2005/12/09 16:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon) DRV - [2005/12/09 16:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap) DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2005/05/27 17:46:20 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0) DRV - [2005/05/27 17:37:58 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2005/05/27 17:31:26 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005/01/04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2) DRV - [2004/10/14 03:27:54 | 000,054,272 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial) DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2) DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM) DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO) DRV - [2003/12/15 18:14:28 | 000,082,952 | ---- | M] (SAMSUNG Electro-Mechanics Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swld23u.sys -- (SWLD23U) DRV - [2003/12/15 18:14:28 | 000,053,690 | ---- | M] (Samsung Electro-Mechanics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swlubtl.sys -- (swlubtl) DRV - [2003/10/14 12:31:00 | 000,140,416 | R--- | M] (Ralink Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB) DRV - [2003/05/15 08:32:16 | 000,013,056 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PRT1XW2K.SYS -- (prt1xw2k) DRV - [2001/02/01 17:10:12 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = »www.google.com/search?q={searchT···&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ie/ig?hl=en IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@myvr-software.com/myvrview,version=1.0: C:\Program Files\myVR-Viewer\npmyvrx86.dll (myVR Software AS) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2008/02/03 17:56:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/09 00:55:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/21 22:27:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/09/14 21:56:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/21 22:27:48 | 000,000,000 | ---D | M]
[2010/08/24 22:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Extensions [2009/03/21 00:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2011/10/09 00:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Firefox\Profiles\ujwqj4tv.default\extensions [2010/08/24 22:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Firefox\Profiles\ujwqj4tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/10/09 00:56:44 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Firefox\Profiles\ujwqj4tv.default\extensions\avg@toolbar [2010/08/24 22:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maurice\Application Data\Mozilla\Firefox\Profiles\ujwqj4tv.default\extensions\staged-xpis [2008/06/28 23:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/03/21 00:01:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/06/17 22:09:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009/06/17 22:09:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009/06/17 22:09:20 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009/06/17 22:09:20 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/10/14 23:25:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll () O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe () O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [InCD] E:\Program Files\LG Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NBKeyScan] E:\Program Files\LG Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SecurDisc] E:\Program Files\LG Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) 
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Loc8 - C:\Program Files\Loc8Code\Loc8Script.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - 
C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\WINDOWS\system32\pnrpnsp.dll File not found O15 - HKCU\..Trusted Domains: esb.ie ([myoffice] https in Trusted sites) O16 - DPF: 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} »office.microsoft.com/sites/produ···dc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} »www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} »fpdownload.macromedia.com/get/sh···r/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} »static.s2g.gate5.de/ovi_maps/Ovi···37.6.cab (Ovi maps browser plugin) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} »download.bitdefender.com/resourc···can8.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} »webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »update.microsoft.com/microsoftup···66237281 (MUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} »www5.carzone.ie/my/aurigma/Image···der4.cab (Image Uploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} »www.sibelius.com/download/softwa···ugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} »java.sun.com/products/plugin/aut···i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} »mymeetingatesb.webex.com/client/···tgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05D28CA0-8EE8-49E4-81A1-8EFBBF31EC6B}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36840B03-3125-453C-A4C8-F3DF87BE19CF}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59B5634D-8F20-4BE2-8382-860E4E905CEF}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D886984-0F6F-4318-A7A4-5D1B7DDFEA80}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E23C0CE2-B83E-4452-8796-7CB2B7A7C0F1}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6763D23-7145-46EC-AA59-EF5E9CFD74A0}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6763D23-7145-46EC-AA59-EF5E9CFD74A0}: NameServer = 213.94.190.194,213.94.190.236 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6F503E-77A1-44B5-A184-B06CAC0595F2}: NameServer = 83.147.160.2,83.147.160.3 O18 
- Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
File not found -- C:\WINDOWS\System32\ [2011/10/13 22:39:53 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/10/13 22:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/13 22:33:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/10/13 22:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/10/13 22:09:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\OTL.exe [2011/10/13 22:07:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\TFC.exe [2011/10/13 21:56:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/10/13 21:56:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/10/13 21:56:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/10/13 21:56:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/10/13 21:55:53 | 000,000,000 | --SD | C] -- C:\Combo-Fix [2011/10/13 21:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/10/10 22:42:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011/10/09 22:32:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maurice\Start Menu\Programs\Administrative Tools [2011/10/09 22:31:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\dds.scr [2011/10/09 22:13:47 | 004,247,113 | R--- | C] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\Combo-Fix.exe [2011/10/09 20:53:39 | 000,000,000 | ---D | C] -- E:\Maurice\How to Get Rid of Malware [2011/10/09 20:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\AVG [2011/10/09 00:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\AVG Secure Search [2011/10/09 00:56:30 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\AVG Secure Search [2011/10/09 00:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2011/10/08 22:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011 [2011/10/08 21:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Start Menu\Programs\Free Registry Cleaner [2011/10/08 21:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner [2011/10/05 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\TuneUpMedia [2011/10/05 20:40:47 | 000,000,000 | ---D | C] -- E:\Maurice\Recipes [2011/10/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader [2011/10/02 16:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader [2011/10/02 16:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader [2011/09/24 21:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Local Settings\Application Data\CutePDF Writer [2008/03/04 23:14:24 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll [2008/03/04 23:14:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll [2008/03/04 23:14:23 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll [2008/03/04 23:14:22 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll [2008/03/04 23:14:22 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll [2008/03/04 23:14:21 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll [2008/03/04 23:14:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll [2008/03/04 23:14:20 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll [2008/03/04 23:14:19 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe [2008/03/04 23:14:18 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll [2008/03/04 
23:14:16 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll [2008/03/04 23:14:16 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe [2008/03/04 23:14:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll [2008/03/04 23:14:15 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe [2007/10/15 02:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE [44 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
File not found -- C:\WINDOWS\System32\ [2011/10/13 22:39:53 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/10/13 22:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/10/13 22:33:55 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:33:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:29:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/10/13 22:29:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/10/13 22:29:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\WSSHelper.job [2011/10/13 22:28:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/10/13 22:28:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2204794081 [2011/10/13 22:09:30 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\SecurityCheck.exe [2011/10/13 22:09:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\OTL.exe [2011/10/13 22:07:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\TFC.exe [2011/10/13 21:51:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1648752600-1690101073-3019421483-1008UA.job [2011/10/13 21:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/10/13 21:45:47 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_55342.nl_ [2011/10/13 21:43:17 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk [2011/10/13 21:12:19 | 134,792,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/10/13 21:12:19 | 000,662,551 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\AVG\iavifw.avm [2011/10/13 21:08:55 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0BF0561F-EA4A-4406-AF0B-7DEF00CB8035}.job [2011/10/10 22:34:26 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/10/10 21:17:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Winlogon.exe [2011/10/10 21:17:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Copy of cnl5bbup.exe [2011/10/09 22:48:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\4em8vwxo.exe [2011/10/09 22:31:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\dds.scr [2011/10/09 22:29:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Defogger.exe [2011/10/09 22:13:48 | 004,247,113 | R--- | M] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\Combo-Fix.exe [2011/10/09 21:11:55 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\ATF-Cleaner.lnk [2011/10/09 00:55:49 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/10/09 00:33:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2011/10/08 22:54:52 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/08 22:54:52 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\AVG PC Tuneup 2011.lnk [2011/10/08 21:28:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Eusing Free Registry Cleaner.lnk [2011/10/06 21:50:34 | 000,034,373 | ---- | M] () -- C:\Documents and Settings\All Users\dldo [2011/10/02 16:13:10 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk [2011/10/02 15:31:53 | 000,000,000 | -HS- | M] () -- 
C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011/09/28 18:25:42 | 000,277,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/09/24 21:50:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/09/24 20:59:44 | 000,000,126 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI [2011/09/24 20:43:04 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/19 23:10:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/09/16 10:38:02 | 047,369,160 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe [2011/09/14 21:57:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [44 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
.... continued in post part 2

lilhurricane (Premium, Mod)
Re: [Malware] Infection ; MBAM killed, AVG won't work - part 1
Hi mosskk_2, to help keep everything in one thread for easier analysis, please use the "reply" button under your post instead of the "new topic" button. Thanks
I'll be bringing your other posts forward here in a moment.

lilhurricane (Premium, Mod)
reply to mosskk_2
continued from post part 1...
O1 HOSTS File: ([2010/10/14 23:25:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll () O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe () O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [InCD] E:\Program Files\LG Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NBKeyScan] E:\Program Files\LG Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SecurDisc] E:\Program Files\LG Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) 
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Loc8 - C:\Program Files\Loc8Code\Loc8Script.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - 
C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\WINDOWS\system32\pnrpnsp.dll File not found O15 - HKCU\..Trusted Domains: esb.ie ([myoffice] https in Trusted sites) O16 - DPF: 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} »office.microsoft.com/sites/produ···dc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} »www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} »fpdownload.macromedia.com/get/sh···r/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} »static.s2g.gate5.de/ovi_maps/Ovi···37.6.cab (Ovi maps browser plugin) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} »download.bitdefender.com/resourc···can8.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} »webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »update.microsoft.com/microsoftup···66237281 (MUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} »www5.carzone.ie/my/aurigma/Image···der4.cab (Image Uploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} »www.sibelius.com/download/softwa···ugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} »java.sun.com/products/plugin/aut···i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} »mymeetingatesb.webex.com/client/···tgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05D28CA0-8EE8-49E4-81A1-8EFBBF31EC6B}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36840B03-3125-453C-A4C8-F3DF87BE19CF}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59B5634D-8F20-4BE2-8382-860E4E905CEF}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D886984-0F6F-4318-A7A4-5D1B7DDFEA80}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E23C0CE2-B83E-4452-8796-7CB2B7A7C0F1}: NameServer = 83.147.160.2,83.147.160.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6763D23-7145-46EC-AA59-EF5E9CFD74A0}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6763D23-7145-46EC-AA59-EF5E9CFD74A0}: NameServer = 213.94.190.194,213.94.190.236 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6F503E-77A1-44B5-A184-B06CAC0595F2}: NameServer = 83.147.160.2,83.147.160.3 O18 
- Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\WINDOWS\System32\ [2011/10/13 22:39:53 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/10/13 22:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/13 22:33:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/10/13 22:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/10/13 22:09:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\OTL.exe [2011/10/13 22:07:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\TFC.exe [2011/10/13 21:56:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/10/13 21:56:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/10/13 21:56:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/10/13 21:56:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/10/13 21:55:53 | 000,000,000 | --SD | C] -- C:\Combo-Fix [2011/10/13 21:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/10/10 22:42:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011/10/09 22:32:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maurice\Start Menu\Programs\Administrative Tools [2011/10/09 22:31:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\dds.scr [2011/10/09 22:13:47 | 004,247,113 | R--- | C] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\Combo-Fix.exe [2011/10/09 20:53:39 | 000,000,000 | ---D | C] -- E:\Maurice\How to Get Rid of Malware [2011/10/09 20:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\AVG [2011/10/09 00:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\AVG Secure Search [2011/10/09 00:56:30 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\AVG Secure Search [2011/10/09 00:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2011/10/08 22:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011 [2011/10/08 21:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Start Menu\Programs\Free Registry Cleaner [2011/10/08 21:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner [2011/10/05 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Application Data\TuneUpMedia [2011/10/05 20:40:47 | 000,000,000 | ---D | C] -- E:\Maurice\Recipes [2011/10/02 16:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader [2011/10/02 16:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader [2011/10/02 16:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader [2011/09/24 21:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maurice\Local Settings\Application Data\CutePDF Writer [2008/03/04 23:14:24 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll [2008/03/04 23:14:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll [2008/03/04 23:14:23 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll [2008/03/04 23:14:22 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll [2008/03/04 23:14:22 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll [2008/03/04 23:14:21 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll [2008/03/04 23:14:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll [2008/03/04 23:14:20 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll [2008/03/04 23:14:19 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe [2008/03/04 23:14:18 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll [2008/03/04 
23:14:16 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll [2008/03/04 23:14:16 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe [2008/03/04 23:14:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll [2008/03/04 23:14:15 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe [2007/10/15 02:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE [44 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\WINDOWS\System32\ [2011/10/13 22:39:53 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/10/13 22:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/10/13 22:33:55 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:33:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:29:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/10/13 22:29:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/10/13 22:29:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\WSSHelper.job [2011/10/13 22:28:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/10/13 22:28:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2204794081 [2011/10/13 22:09:30 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\SecurityCheck.exe [2011/10/13 22:09:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\OTL.exe [2011/10/13 22:07:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maurice\Desktop\TFC.exe [2011/10/13 21:51:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1648752600-1690101073-3019421483-1008UA.job [2011/10/13 21:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/10/13 21:45:47 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_55342.nl_ [2011/10/13 21:43:17 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk [2011/10/13 21:12:19 | 134,792,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/10/13 21:12:19 | 000,662,551 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\AVG\iavifw.avm [2011/10/13 21:08:55 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0BF0561F-EA4A-4406-AF0B-7DEF00CB8035}.job [2011/10/10 22:34:26 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2011/10/10 21:17:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Winlogon.exe [2011/10/10 21:17:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Copy of cnl5bbup.exe [2011/10/09 22:48:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\4em8vwxo.exe [2011/10/09 22:31:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\dds.scr [2011/10/09 22:29:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Defogger.exe [2011/10/09 22:13:48 | 004,247,113 | R--- | M] (Swearware) -- C:\Documents and Settings\Maurice\Desktop\Combo-Fix.exe [2011/10/09 21:11:55 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\ATF-Cleaner.lnk [2011/10/09 00:55:49 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/10/09 00:33:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2011/10/08 22:54:52 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/08 22:54:52 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\AVG PC Tuneup 2011.lnk [2011/10/08 21:28:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Maurice\Desktop\Eusing Free Registry Cleaner.lnk [2011/10/06 21:50:34 | 000,034,373 | ---- | M] () -- C:\Documents and Settings\All Users\dldo [2011/10/02 16:13:10 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk [2011/10/02 15:31:53 | 000,000,000 | -HS- | M] () -- 
C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011/09/28 18:25:42 | 000,277,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/09/24 21:50:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/09/24 20:59:44 | 000,000,126 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI [2011/09/24 20:43:04 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/19 23:10:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/09/16 10:38:02 | 047,369,160 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe [2011/09/14 21:57:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [44 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
.... continued in post part 3
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

lilhurricane | reply to mosskk_2
.... continued from post part 2
========== Files Created - No Company Name ==========
[2011/10/13 22:33:55 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:33:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 22:09:24 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\SecurityCheck.exe [2011/10/13 21:56:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/10/13 21:56:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/10/13 21:56:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/10/13 21:56:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/10/13 21:56:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/10/10 21:17:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Copy of cnl5bbup.exe [2011/10/10 21:17:36 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Winlogon.exe [2011/10/09 22:48:39 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\4em8vwxo.exe [2011/10/09 22:29:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Defogger.exe [2011/10/09 21:11:31 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\ATF-Cleaner.lnk [2011/10/08 22:54:52 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2011/10/08 22:54:52 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\AVG PC Tuneup 2011.lnk [2011/10/08 21:28:19 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Eusing Free Registry Cleaner.lnk [2011/10/05 22:04:21 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_55342.nl_ [2011/10/02 16:13:10 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk [2011/10/02 15:31:53 | 000,000,000 | -HS- | C] () 
-- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011/10/02 15:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2204794081 [2011/07/19 19:55:04 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2011/06/29 22:47:42 | 000,038,455 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft Excel 97-2003.ADR [2011/03/11 00:49:44 | 000,038,459 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Tab Separated Values (Windows).ADR [2010/11/14 15:07:06 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\RdCi1093.dll [2010/11/14 15:07:06 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\Rd3t1093.DAT [2010/11/03 23:39:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/10/15 00:49:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/06/26 00:08:46 | 000,203,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/23 23:59:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\DMX.bmk [2010/05/07 10:44:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/03/17 21:56:49 | 000,000,297 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2009/11/20 23:05:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/10/23 23:20:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2009/10/07 22:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2009/06/09 21:32:43 | 000,074,116 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/08/10 15:00:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/08/06 22:05:13 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/08/06 22:05:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/07/27 22:31:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008/07/27 22:26:21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin 
[2008/06/28 23:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/06/28 10:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008/03/29 22:53:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2008/03/08 12:01:11 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/03/08 12:01:11 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\41093D9B77.sys [2008/03/04 23:29:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll [2008/03/04 23:29:31 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll [2008/03/04 23:28:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll [2008/03/04 23:28:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll [2008/03/04 23:28:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll [2008/03/04 23:24:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL [2008/03/04 23:24:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL [2008/03/04 23:24:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll [2008/03/04 23:24:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL [2008/03/04 23:14:25 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll [2008/03/04 23:14:22 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll [2008/03/04 23:14:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll [2008/03/04 23:14:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll [2008/03/04 23:14:19 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll [2008/03/04 23:14:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll [2008/03/04 23:14:18 | 000,208,896 | ---- | C] () -- 
C:\WINDOWS\System32\dldogrd.dll [2008/03/04 23:14:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll [2008/03/04 23:14:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll [2008/03/04 23:14:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll [2008/03/04 23:14:14 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll [2008/02/03 18:37:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\.googlewebacchosts [2008/01/09 16:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007/11/10 20:54:01 | 011,056,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ISx3E.avi [2007/10/28 21:25:11 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/08/31 19:20:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/07/29 13:31:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI [2007/07/16 22:01:31 | 000,038,455 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft Excel.ADR [2007/07/12 11:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2007/01/27 18:07:21 | 012,161,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ISx21.avi [2007/01/13 23:28:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI [2007/01/13 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI [2006/12/26 11:33:26 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/12/26 11:26:48 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2006/11/09 23:28:23 | 000,905,290 | ---- | C] 
() -- C:\WINDOWS\System32\libmmd.dll [2006/11/09 23:28:22 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys [2006/11/09 23:28:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2006/11/06 21:03:30 | 000,015,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe [2006/11/01 21:57:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2006/10/29 17:42:02 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mmrpplic.dat [2006/08/08 22:15:27 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\WavCodec.wff [2006/06/16 22:01:07 | 000,000,126 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI [2006/05/13 22:59:47 | 000,013,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRT1XW2K.SYS [2006/03/30 23:08:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/03/12 15:57:00 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\rd1t1029.dat [2006/02/07 20:17:45 | 000,000,282 | ---- | C] () -- C:\WINDOWS\System32\SunData.ini [2006/02/07 20:16:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\TTL3.ini [2005/12/09 21:51:14 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe [2005/12/09 16:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2005/12/09 16:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2005/12/09 16:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [2005/10/25 22:07:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\fusioncache.dat [2005/10/25 17:53:19 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/10/21 10:33:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/10/21 10:26:06 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini 
[2005/10/21 10:01:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2005/10/21 10:01:00 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/10/21 10:00:44 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 12:57:15 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/10 12:51:20 | 000,467,150 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/10 12:51:20 | 000,080,174 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- 
C:\WINDOWS\System32\Iyvu9_32.dll
========== LOP Check ==========
[2008/03/04 23:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\968 Series [2011/10/09 01:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/21 22:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2008/07/19 12:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009/07/11 00:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender [2010/09/08 23:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD [2010/02/12 13:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk [2010/02/05 10:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2010/10/21 22:43:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/08/10 22:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2010/05/01 19:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2010/10/15 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/03/02 20:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2011/10/08 22:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2006/03/14 23:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet [2008/05/30 11:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2008/10/11 22:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2008/04/10 21:09:00 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\All Users\Application Data\NCH Swift Sound
[2007/03/01 18:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/03/02 19:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/06/21 23:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaAccount
[2011/06/21 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/10/06 22:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2007/01/13 22:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008/08/10 22:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/10 22:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/12/26 14:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/10/09 20:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/07/05 19:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/08/05 21:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2011/10/02 16:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/09/09 00:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/28 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/03/07 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\968 Series
[2009/10/30 23:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\AlesisFirewire
[2011/10/09 20:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\AVG
[2011/10/09 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\AVG Secure Search
[2010/10/21 22:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\AVG10
[2010/07/17 00:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Azureus
[2006/07/19 22:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Blender Foundation
[2010/09/14 21:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\BSD
[2010/02/12 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Cakewalk
[2006/10/28 21:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\GetRightToGo
[2009/06/09 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\ICAClient
[2006/01/24 22:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Jasc
[2005/10/25 22:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Leadertech
[2010/01/08 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\LG Electronics
[2011/10/04 23:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\NCH Swift Sound
[2010/02/02 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Nokia
[2009/07/12 19:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\OpenOffice.org
[2011/06/21 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\PC Suite
[2010/07/29 23:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\PgcEdit
[2006/08/08 22:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\RecordPad
[2008/12/26 14:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Steinberg
[2008/08/30 22:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Teleca
[2005/11/15 22:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Template
[2007/02/04 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Topaz Moment
[2011/10/05 21:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\TuneUpMedia
[2011/10/11 09:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\webex
[2010/04/09 21:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Windows Desktop Search
[2010/04/11 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maurice\Application Data\Windows Search
[2011/08/29 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/10/09 00:33:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/09/30 00:30:23 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapSevenDays.job
[2010/09/30 00:30:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job
[2010/10/29 22:46:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/10/13 21:08:55 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0BF0561F-EA4A-4406-AF0B-7DEF00CB8035}.job
[2011/10/13 22:29:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\WSSHelper.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2008/09/29 22:28:27 | 000,000,058 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\²˯
[2008/09/29 22:28:27 | 000,000,058 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\²˯
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2204794081:511939964.exe
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
========== Files Created - No Company Name ==========
[2011/10/13 22:33:55 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/13 22:33:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 22:09:24 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\SecurityCheck.exe
[2011/10/13 21:56:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/13 21:56:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/13 21:56:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/13 21:56:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/13 21:56:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/10 21:17:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Copy of cnl5bbup.exe
[2011/10/10 21:17:36 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Winlogon.exe
[2011/10/09 22:48:39 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\4em8vwxo.exe
[2011/10/09 22:29:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Defogger.exe
[2011/10/09 21:11:31 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\ATF-Cleaner.lnk
[2011/10/08 22:54:52 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/10/08 22:54:52 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\AVG PC Tuneup 2011.lnk
[2011/10/08 21:28:19 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Maurice\Desktop\Eusing Free Registry Cleaner.lnk
[2011/10/05 22:04:21 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_55342.nl_
[2011/10/02 16:13:10 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/10/02 15:31:53 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/02 15:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2204794081
[2011/07/19 19:55:04 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/06/29 22:47:42 | 000,038,455 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft Excel 97-2003.ADR
[2011/03/11 00:49:44 | 000,038,459 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Tab Separated Values (Windows).ADR
[2010/11/14 15:07:06 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\RdCi1093.dll
[2010/11/14 15:07:06 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\Rd3t1093.DAT
[2010/11/03 23:39:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/15 00:49:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/26 00:08:46 | 000,203,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/23 23:59:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\DMX.bmk
[2010/05/07 10:44:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/17 21:56:49 | 000,000,297 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009/11/20 23:05:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/23 23:20:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/10/07 22:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/06/09 21:32:43 | 000,074,116 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/08/10 15:00:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/06 22:05:13 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/06 22:05:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/27 22:31:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/07/27 22:26:21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2008/06/28 23:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/28 10:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/29 22:53:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/08 12:01:11 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/08 12:01:11 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\41093D9B77.sys
[2008/03/04 23:29:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2008/03/04 23:29:31 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2008/03/04 23:28:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2008/03/04 23:28:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2008/03/04 23:28:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2008/03/04 23:24:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL
[2008/03/04 23:24:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL
[2008/03/04 23:24:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll
[2008/03/04 23:24:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL
[2008/03/04 23:14:25 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll
[2008/03/04 23:14:22 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2008/03/04 23:14:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2008/03/04 23:14:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2008/03/04 23:14:19 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2008/03/04 23:14:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2008/03/04 23:14:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2008/03/04 23:14:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2008/03/04 23:14:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2008/03/04 23:14:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2008/03/04 23:14:14 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2008/02/03 18:37:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\.googlewebacchosts
[2008/01/09 16:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/11/10 20:54:01 | 011,056,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ISx3E.avi
[2007/10/28 21:25:11 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/31 19:20:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/29 13:31:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2007/07/16 22:01:31 | 000,038,455 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\Microsoft Excel.ADR
[2007/07/12 11:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/27 18:07:21 | 012,161,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ISx21.avi
[2007/01/13 23:28:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2007/01/13 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2006/12/26 11:33:26 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/26 11:26:48 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/11/09 23:28:23 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/11/09 23:28:22 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2006/11/09 23:28:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/11/06 21:03:30 | 000,015,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/11/01 21:57:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/10/29 17:42:02 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mmrpplic.dat
[2006/08/08 22:15:27 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Maurice\Application Data\WavCodec.wff
[2006/06/16 22:01:07 | 000,000,126 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2006/05/13 22:59:47 | 000,013,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRT1XW2K.SYS
[2006/03/30 23:08:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/12 15:57:00 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\rd1t1029.dat
[2006/02/07 20:17:45 | 000,000,282 | ---- | C] () -- C:\WINDOWS\System32\SunData.ini
[2006/02/07 20:16:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\TTL3.ini
[2005/12/09 21:51:14 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2005/12/09 16:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/12/09 16:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/09 16:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/10/25 22:07:36 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Maurice\Local Settings\Application Data\fusioncache.dat
[2005/10/25 17:53:19 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/21 10:33:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/21 10:26:06 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/21 10:01:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/21 10:01:00 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/21 10:00:44 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,467,150 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,080,174 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
.... continued in post part 4
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
lilhurricane | reply to mosskk_2
... continued from post part 3
EXTRAS.TXT
==========
OTL Extras logfile created on: 13/10/2011 22:44:34 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Maurice\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.80% Memory free
4.34 Gb Paging File | 3.79 Gb Available in Paging File | 87.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.43 Gb Total Space | 16.01 Gb Free Space | 22.41% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 96.92 Gb Free Space | 41.62% Space Free | Partition Type: NTFS
Computer Name: D5L0WW1J | User Name: Maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:192.168.2.1/255.255.255.255,192.168.2.3/255.255.255.255:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:192.168.2.1/255.255.255.255,192.168.2.3/255.255.255.255:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dldocoms.exe" = C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable -- ()
"C:\Program Files\Dell 968 AIO Printer\dldomon.exe" = C:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe" = C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe -- ()
"C:\Program Files\Citrix\Secure Access Client\nsload.exe" = C:\Program Files\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix AGEE Client -- (Citrix Systems, Inc)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Peter\Local Settings\temp\mig21.tmp\migwiz.exe" = C:\Documents and Settings\Peter\Local Settings\temp\mig21.tmp\migwiz.exe:*:Enabled:Windows Easy Transfer
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe" = C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe:*:Disabled:Application Checker -- (Bootstrap Software Development)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Temp\YouTubeDownloader\YouTubeDownloaderSetup33.exe" = C:\Temp\YouTubeDownloader\YouTubeDownloaderSetup33.exe:*:Enabled:YouTubeDownloaderSetup33 -- ()
"C:\Program Files\YouTube Downloader\YouTubeDownloader.exe" = C:\Program Files\YouTube Downloader\YouTubeDownloader.exe:*:Enabled:YouTube Downloader -- (BienneSoft)
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Enabled:InstallShield Update Service Agent -- (InstallShield Software Corporation)
"C:\WINDOWS\system32\msfeedssync.exe" = C:\WINDOWS\system32\msfeedssync.exe:*:Enabled:Microsoft Feeds Synchronization -- (Microsoft Corporation)
"C:\Documents and Settings\Maurice\Local Settings\temp\7zS16.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zS16.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Maurice\Local Settings\temp\7zS9.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zS9.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Maurice\Local Settings\temp\7zSA.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zSA.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe" = C:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe:*:Disabled: -- ()
"C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe" = C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe:*:Disabled: -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Disabled:Raptr Client
"C:\Program Files\Raptr\f2p_ping.exe" = C:\Program Files\Raptr\f2p_ping.exe:*:Disabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Disabled:Raptr IM
"C:\Program Files\Vuze\uninstall.exe" = C:\Program Files\Vuze\uninstall.exe:*:Disabled:Vuze
"C:\Documents and Settings\Maurice\Local Settings\temp\7zS27.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zS27.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Documents and Settings\Maurice\Local Settings\temp\7zSB.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zSB.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe" = C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Maurice\Local Settings\temp\7zS30.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zS30.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe" = C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe:*:Enabled:AVG Security Toolbar -- () "C:\Documents and Settings\Maurice\Local Settings\temp\ToolbarInstaller.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\ToolbarInstaller.exe:*:Enabled:ToolbarInstaller "C:\Program Files\AVG\AVG10\AVGTBInstall.exe" = C:\Program Files\AVG\AVG10\AVGTBInstall.exe:*:Enabled:IntToolbarInstaller Application -- () "C:\Documents and Settings\Maurice\Local Settings\temp\7zS57.tmp\avgmfapx.exe" = C:\Documents and Settings\Maurice\Local Settings\temp\7zS57.tmp\avgmfapx.exe:*:Disabled:AVG Installer Application
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15D8D315-BB4C-4867-BCD7-2B829EF0F38B}" = ParetoLogic Data Recovery
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{27579b3c-5470-4496-be6c-0c872674f19f}" =
"{28706B95-C23E-4949-A01A-64626724F43F}" = PipPlus
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims 2 Double Deluxe
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D3F0F8-E45C-4F45-A6F5-8CBFECBA2A3D}" =
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43F8F1E5-C740-4293-A309-EA9DD6474DB1}" = MotionDV STUDIO 5.3E LE for DV
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B3A3BD-F90D-48FE-A147-D74878A51033}" = Nero 7 Essentials
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B606393-09AD-4C3D-B13F-65F469BC7AAD}" = Spark-Space
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51DD0602-CD28-4AA9-84BB-B8F8FC2F4DA5}" = Mindjet MindManager Pro 6
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64642058-BC94-4AA0-AC50-3B444EA5E295}" =
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A1975EB-27E6-491D-94BC-6355FA25F40F}" = Google Web Accelerator
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7969DF41-6ED7-414F-9114-A26A59E36ABC}" =
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C119D03-58C1-46B1-B536-C1B5D4E52AA9}" = Citrix Access Gateway Plug-in
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BD3BFEE-79BF-40A1-A69D-97A53F216412}_0" = Bentley MicroStation (V 08.05.02.35) - 1
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E0EC833-C05C-4385-9AE2-AA26A89B098B}" = AVG 2011
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BAD26CB5-035A-495E-83B8-92215B6DA3DE}" = Avid Free DV
"{BB96907A-1578-4C02-A9B9-39FC149B429D}" = Micr8
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D211AC35-87D2-4761-9C93-47296CDC8DDB}" = Alesis Multimix Firewire
"{D392E98A-6DC2-4548-85AC-F48819892B6B}" = Topaz Moment
"{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}" = Netopia Wireless LAN
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{DE1694CD-1594-4234-A318-BEE4D2E4F48A}" = Audio Key Utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"255050B21C1729F426F1F41748DD51AEB4902245" = Windows Driver Package - Alesis (AlesisFirewire) MEDIA (06/29/2007 3.0.0.56)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alesis Firewire_is1" = Alesis Firewire 3.4.2.6300
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AudioPlugin.dll" =
"AVG" = AVG 2011
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.1.83
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CDisplay_is1" = CDisplay 1.8
"CheckIt Diagnostics" = CheckIt Diagnostics
"CopyNow.dll" =
"CSCLIB" = Canon Camera Support Core Library
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DataPlugin.dll" =
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"DellSupport" = Dell Support 5.0.0 (630)
"dlatray.exe" =
"DreamStation DXi2" = DreamStation DXi2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"GeoGebra" = GeoGebra
"Google Updater" = Google Updater
"Guitar Guru_is1" = Guitar Guru Version 2.2.5.0
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{D9A0D2AC-24F9-4D99-9B68-BD0A4F95A4C4}" = Jahshaka
"InstallShield_{DE1694CD-1594-4234-A318-BEE4D2E4F48A}" = Audio Key Utility
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Jasc Paint Shop Pro 9 GDI+ Patch" = Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.00 Update Patch" = Jasc Paint Shop Pro 9 20040928_12 Plugin Update Patch
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"LG USB Booster_is1" = Booster 1.05A02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"myVR" = myVR-Viewer 2.0-build3614
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenLibraries" = OpenLibraries
"PC Pitstop Erase_is1" = PC Pitstop Erase 1.1
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RecordPad" = RecordPad Sound Recorder Uninstall
"Redline Racer" = C:\Program Files\Criterion Studios\Redline Racer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"rgc:audio sfz+ DXi_is1" = rgc:audio sfz+ DXi v1.01
"rgc:audio sfz+ VSTi_is1" = rgc:audio sfz+ VSTi v1.01
"RolandRDID0093" = UM-1G Driver
"Shockwave" = Shockwave
"SONAR LE" = SONAR LE
"SONAR85LE_is1" = SONAR LE
"SoundTap" = SoundTap Streaming Audio Recorder
"Spam Arrest Configurator" = Spam Arrest Configurator
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"Switch" = Switch Sound File Converter
"Syncrosoft License Control" = Syncrosoft License Control
"TuneUpMedia" = TuneUp Companion 2.0.10
"UnityWebPlayer" = Unity Web Player
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV to AVI MPEG DVD WMV Converter_is1" = WMV to AVI MPEG DVD WMV Converter 1.7.6
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ] Error - 08/10/2011 15:35:39 | Computer Name = D5L0WW1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x001db015.
Error - 08/10/2011 16:52:55 | Computer Name = D5L0WW1J | Source = Windows Search Service | ID = 3038 Description = The gatherer is unable to read the registry DocIdMapFile. Context: Application, SystemIndex Catalog Details: The system cannot find the file specified. (0x80070002)
Error - 08/10/2011 16:52:56 | Computer Name = D5L0WW1J | Source = Windows Search Service | ID = 3028 Description = The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Error - 08/10/2011 16:52:56 | Computer Name = D5L0WW1J | Source = Windows Search Service | ID = 3058 Description = The application cannot be initialized. Context: Windows Application
Details: The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Error - 08/10/2011 17:02:35 | Computer Name = D5L0WW1J | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 1601, C:\Documents and Settings\All Users\Application Data\MFAData\pack\COREx86.msi,
Error - 08/10/2011 17:23:08 | Computer Name = D5L0WW1J | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 1601, C:\Documents and Settings\All Users\Application Data\MFAData\pack\COREx86.msi,
Error - 08/10/2011 20:09:07 | Computer Name = D5L0WW1J | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.
Error - 09/10/2011 04:19:34 | Computer Name = D5L0WW1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x000e187d.
Error - 09/10/2011 14:07:03 | Computer Name = D5L0WW1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x001db015.
Error - 10/10/2011 18:19:14 | Computer Name = D5L0WW1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x4ec674b2.
[ OSession Events ] Error - 09/04/2010 16:35:50 | Computer Name = D5L0WW1J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 126 seconds with 0 seconds of active time. This session ended with a crash.
Error - 15/04/2010 16:47:28 | Computer Name = D5L0WW1J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 414 seconds with 300 seconds of active time. This session ended with a crash.
Error - 16/04/2010 18:57:51 | Computer Name = D5L0WW1J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1329 seconds with 1260 seconds of active time. This session ended with a crash.
Error - 22/04/2010 17:02:45 | Computer Name = D5L0WW1J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206 seconds with 120 seconds of active time. This session ended with a crash.
Error - 09/05/2011 18:04:11 | Computer Name = D5L0WW1J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3304 seconds with 1680 seconds of active time. This session ended with a crash.
[ System Events ] Error - 13/10/2011 17:28:44 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:28:45 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:28:45 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:28:57 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:30:19 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:30:19 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:30:21 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:31:01 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:31:39 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 13/10/2011 17:48:31 | Computer Name = D5L0WW1J | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127

CHECKUP.TXT
==========
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Disabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
ESET Online Scanner v3
Norton 360
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Malwarebytes' Anti-Malware
TuneUp Companion 2.0.10
AVG PC Tuneup 2011
Eusing Free Registry Cleaner
Java(TM) 6 Update 19
Java(TM) 6 Update 13
Java 2 Runtime Environment, SE v1.4.2_03
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.1.53.64) [color=red]Flash Player Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
``````````End of Log````````````

ESET LOG.TXT
=============
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
DLL:pipe not connected. attempts=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=eae110c8f7518044bed1d9ea17709bee
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-13 11:17:04
# local_time=2011-10-14 12:17:04 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 0 61711098 0 0
# compatibility_mode=8192 67108863 100 0 31383984 31383984 0 0
# scanned=138221
# found=11
# cleaned=8
# scan_time=4469
C:\Documents and Settings\Peter\Application Data\OpenCandy\OpenCandy_D0C9CB0D21E04DEF906D9272E93A552D\DLMgr_3_1.6.87.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Peter\Local Settings\Application Data\OpenCandy\OpenCandy_{E54E359F-FAD6-4269-B90F-96D25F6E018D}.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AVG\AVG10\avgam.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG10\avgnsx.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG10\avgwdsvc.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000004.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001001.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001002.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001076.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001077.dll Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\10.10.2011_22.41.46\susp0000\svc0000\tsk0000.dta Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

LoPhatPhuud (Premium, VIP, MVM) join:2002-01-06 Albuquerque, NM kudos:23 | reply to mosskk_2
Re: [Malware] Infection ; MBAM killed, AVG won't work
Your computer has been too severely compromised to even begin cleaning.
Back up any needed data files, then reformat and start over.

reply to mosskk_2
Thanks for your advice. Any suggestions as to how to prevent this happening in future? I have AVG Internet Security 2012.

LoPhatPhuud (Premium, VIP, MVM) join:2002-01-06 Albuquerque, NM kudos:23 | reply to mosskk_2
Keep your OS current, your AV current and do a full system scan regularly. Consider an additional malware removal program such as MBAM.
Avoid torrent programs unless required by employment. The risk is not worth any potential benefit.