Broadband Tech > Security > Security Cleanup > Microsoft security essentials problem

Opening up for easier analysis

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.03.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
George :: G [administrator]

Protection: Enabled

4/3/2013 3:56:16 PM
mbam-log-2013-04-03 (15-56-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271757
Time elapsed: 1 hour(s), 44 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 4/4/2013 5:40:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.55% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 53.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Computer Name: G | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/04 17:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\My Documents\Downloads\OTL.exe
PRC - [2013/03/30 14:44:14 | 001,219,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/12 00:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/03/30 14:44:14 | 001,219,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/03/29 16:28:26 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/29 16:03:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\George\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/03/30 14:44:15 | 000,033,624 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/10/16 10:00:47 | 000,042,752 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2011/10/12 14:45:05 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2011/10/12 14:40:18 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2011/08/19 02:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 02:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/01 07:35:26 | 000,051,200 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2005/12/01 22:49:00 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/28 02:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/20 03:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 15:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 14:06:14 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/22 14:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 02:06:00 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/01 18:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 17:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.wrh.noaa.gov/lox/main.php?suite=public
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.wrh.noaa.gov/lox/main.php?suite=public"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/29 16:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/11 06:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2012/10/25 20:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2011/10/27 07:23:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/29 16:03:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/29 16:02:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/29 16:02:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/29 13:14:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »www.update.microsoft.com/microso···71539328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.5.0/jinsta···i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CE8DF0D-34BD-4EC1-8C88-D82F12116999}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 00:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/04 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\AVG Secure Search
[2013/04/01 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information_files
[2013/04/01 16:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/01 16:40:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 16:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/30 19:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\AVG2013
[2013/03/30 14:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/30 14:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\TuneUp Software
[2013/03/30 14:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:44:46 | 000,033,624 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/30 14:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/03/30 14:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/03/30 14:42:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/30 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/30 14:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/03/30 14:36:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\MFAData
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Avg2013
[2013/03/30 13:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Windows Search
[2013/03/30 13:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2013/03/30 13:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/03/30 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/03/30 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/03/30 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/03/30 13:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/03/30 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/03/30 13:03:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/03/30 13:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Windows Desktop Search
[2013/03/30 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/03/30 13:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/03/30 13:01:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/03/30 13:01:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/03/30 13:01:41 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/03/30 12:20:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/30 11:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/03/30 11:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Start Menu\Programs\Sophos
[2013/03/30 11:47:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/29 16:55:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\George\PrivacIE
[2013/03/29 16:53:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\George\IETldCache
[2013/03/29 16:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/03/29 16:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/03/29 16:39:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/03/29 16:35:04 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/03/29 16:33:19 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/03/29 16:33:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/03/29 16:33:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/03/29 16:33:16 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/03/29 16:33:13 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/03/29 16:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/29 13:47:14 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/03/29 13:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/03/29 13:06:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/29 12:20:18 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/29 12:20:18 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/29 11:36:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/29 11:36:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/29 11:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/29 11:36:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/29 11:35:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 11:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/28 11:11:32 | 000,000,000 | ---D | C] -- C:\18fc8b7197ba6dc4e8
[2013/03/28 11:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2013/03/28 11:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/28 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/03/28 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/03/28 11:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\HTC

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/04 17:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/04 17:35:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 17:34:48 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/04 17:33:34 | 000,574,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/04 17:33:34 | 000,139,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/04 17:24:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 17:24:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/04 16:48:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 03:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/04/01 19:42:46 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2013/04/01 16:54:24 | 000,038,255 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information.htm
[2013/04/01 16:40:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/01 16:40:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MalwareBytes.lnk
[2013/03/31 15:13:23 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Calculator.lnk
[2013/03/31 09:13:58 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/30 16:10:24 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Sophos Virus Removal Tool.lnk
[2013/03/30 14:45:09 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/30 14:44:15 | 000,033,624 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/30 13:36:39 | 000,012,824 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/03/30 13:34:57 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/30 13:02:57 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/29 16:53:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/29 16:28:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/29 16:28:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/29 13:59:27 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\George\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/29 13:58:29 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Dropbox.lnk
[2013/03/29 13:47:14 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/03/29 13:19:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/29 13:14:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/29 12:39:52 | 000,001,816 | -HS- | M] () -- C:\hpqp.ini
[2013/03/29 12:39:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/03/27 21:44:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/01 16:54:22 | 000,038,255 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information.htm
[2013/04/01 16:40:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/01 16:40:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MalwareBytes.lnk
[2013/03/31 15:13:23 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Calculator.lnk
[2013/03/30 14:45:09 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/30 14:33:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/30 13:36:38 | 000,012,824 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/03/30 13:02:57 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/03/30 13:02:57 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/30 13:00:35 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/03/30 11:50:52 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Sophos Virus Removal Tool.lnk
[2013/03/29 13:07:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/29 13:06:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/29 11:36:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/29 11:36:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/29 11:36:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/29 11:36:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/29 11:36:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/26 10:33:32 | 000,117,655 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/08/26 10:33:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/03/07 21:03:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/24 18:08:42 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/10/23 17:06:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\WebpageIcons.db
[2011/10/16 12:20:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/15 15:16:26 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/10/15 15:16:26 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2011/10/12 14:45:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/10/11 19:12:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 05:01:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\fusioncache.dat
[2011/10/11 00:09:47 | 000,000,167 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/10/11 00:08:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 23:59:16 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/10/10 23:52:14 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2011/10/10 23:40:23 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 23:24:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 23:19:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 15:24:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 15:20:20 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 02:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 02:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/25 23:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011/10/10 23:44:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/06 03:48:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/01/16 18:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/29 17:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/30 19:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/30 14:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/28 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/04/04 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/16 12:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/10/11 00:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/12 13:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/03/30 11:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/03/28 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/03/30 14:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\AVG2013
[2013/04/04 17:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Dropbox
[2012/08/28 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Image Zone Express
[2011/10/15 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Leadertech
[2013/03/28 11:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Teleca
[2013/03/30 14:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\TuneUp Software
[2011/10/12 14:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Uniblue
[2013/03/30 13:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Windows Desktop Search
[2013/03/30 13:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Windows Search

[color=#E56717]========== Purity Check ==========[/color]

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

OTL Extras logfile created on: 4/4/2013 5:40:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.55% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 53.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Computer Name: G | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{34D54E98-A8FA-4970-A625-2EC73F91FAB3}" = AVG 2013
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2013
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.94
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/2/2013 8:55:08 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 8:55:08 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/2/2013 9:43:17 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 9:43:17 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/3/2013 5:29:29 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/3/2013 5:29:29 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/4/2013 7:55:45 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/4/2013 7:55:45 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/4/2013 8:33:26 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/4/2013 8:33:26 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 4/4/2013 7:51:01 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/4/2013 7:51:01 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/4/2013 7:51:58 PM | Computer Name = G | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Internet Pass-Through Service service failed to start due to the
following error: %%2

Error - 4/4/2013 8:27:50 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 4/4/2013 8:27:50 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 4/4/2013 8:28:41 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/4/2013 8:28:41 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

Hi turbovmax

Problems sometimes can be caused by other's use of utilities when they aren't sure how to use them, and there's no good way to determine what they (your "local PC guy") did. For instance I see that someone ran ComboFix without uninstalling it afterwards.

Please post the log from ComboFix that should still be located at C:\ComboFix.txt.

Please post the log from Sophos Virus Removal Tool which it appears you ran (it's in your installed program list).

Did you run AdwCleaner? Please post the log from it at C:\AdwCleaner[S1].txt.

Do you know what program created this file:
C:\FixitRegBackup.reg

If you don't know, please right-click on the file, select Edit, and when it opens in Notepad copy and paste the contents in your next reply.

I see that you have your Windows Firewall turned off, and I don't see another listed.
In part of your logs I do see these listed, but no longer in your uninstall list. I would not recommend the first two listed:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

I see you have Revo Uninstaller. I would run it and see if it can find any part of those programs to uninstall (leave Sophos Virus Removal Tool installed for now) since you no longer have them currently installed (they weren't in your installed program list).

You need to uninstall this old vulnerable version of Java from Windows Control Panel:
J2SE Runtime Environment 5.0 Update 6

Can you turn on your Windows Firewall? If you can, you need to do that now. If you can't, please let me know.

What is in this folder, or is it empty?
C:\18fc8b7197ba6dc4e8

Please post the logs from ComboFix, Sophos Virus Removal Tool, AdwCleaner, ESET's online scanner, let me know what program created the file FixitRegBackup.reg or post the contents of the file, and let me know what is in the folder - C:\18fc8b7197ba6dc4e8.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 17:21:21
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : George - G
# Boot Mode : Normal
# Running from : C:\Documents and Settings\George\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [998 octets] - [29/03/2013 12:13:45]
AdwCleaner[S1].txt - [1061 octets] - [29/03/2013 12:24:20]
AdwCleaner[S2].txt - [3771 octets] - [04/04/2013 17:21:21]

########## EOF - C:\AdwCleaner[S2].txt - [3831 octets] ##########
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

ComboFix 13-03-30.01 - George 03/30/2013 11:38:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1568 [GMT -7:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 18:33 . 2013-03-30 18:33 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys
2013-03-29 23:55 . 2013-03-29 23:55 -------- d-sh--w- c:\documents and settings\George\PrivacIE
2013-03-29 23:53 . 2013-03-29 23:53 -------- d-sh--w- c:\documents and settings\George\IETldCache
2013-03-29 23:39 . 2013-03-29 23:40 -------- dc-h--w- c:\windows\ie8
2013-03-29 23:35 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-29 23:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-29 23:33 . 2013-02-05 20:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-29 23:33 . 2013-02-05 20:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-29 23:33 . 2013-02-05 20:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-03-29 23:33 . 2013-02-05 20:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-29 23:33 . 2013-02-05 20:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-29 23:33 . 2013-02-05 20:05 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-03-29 23:33 . 2013-02-05 20:05 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-03-29 20:47 . 2013-03-29 20:47 14664 ----a-w- c:\windows\stinger.sys
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\program files\stinger
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-29 19:19 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\mpengine.dll
2013-03-28 18:11 . 2013-03-28 18:11 -------- d-----w- C:\18fc8b7197ba6dc4e8
2013-03-28 18:08 . 2013-03-28 18:08 -------- d-----w- c:\program files\Spirent Communications
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\HTC
2013-03-04 13:52 . 2013-03-04 13:52 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Sun
2013-03-01 01:59 . 2013-03-07 16:01 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-30 02:18 . 2011-12-25 01:08 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-29 23:28 . 2012-04-18 20:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 23:28 . 2011-10-12 02:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2011-10-11 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 20:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 10:48 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 633344 ----a-w- c:\windows\system32\urlmon(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 37888 ----a-w- c:\windows\system32\url(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 1510400 ----a-w- c:\windows\system32\shdocvw(2).dll
2013-02-05 20:05 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 20:00 385024 ------w- c:\windows\system32\html.iec
2013-01-30 10:53 . 2011-10-12 01:41 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 20:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 00:56 . 2012-08-19 21:39 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-11-09 04:04 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-08-19 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-08 04:57 . 2013-02-18 22:28 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 01:16 . 2004-08-04 20:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 20:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 20:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-29 23:03 . 2013-03-29 23:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\George\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\George\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^George^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\George\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 23:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\George\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 MpKsl5617e768;MpKsl5617e768;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys [3/30/2013 11:33 AM 29904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/10/2011 11:38 PM 231424]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/12/2011 2:40 PM 812544]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2011 2:42 PM 42752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe --> c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/18/2011 9:48 AM 24576]
S3 McComponentHostService;McComponentHostService; [x]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [4/1/2010 7:35 AM 51200]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29379678
*NewlyCreated* - MPKSL5617E768
*Deregistered* - 29379678
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:28]
.
2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2013-03-30 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-30 11:47:17
ComboFix-quarantined-files.txt 2013-03-30 18:47
ComboFix2.txt 2013-03-29 20:16
ComboFix3.txt 2013-03-29 18:56
.
Pre-Run: 58,371,776,512 bytes free
Post-Run: 58,427,170,816 bytes free
.
- - End Of File - - 14C5A101753E667960724E32B8514126
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 843890688

------------ Kernel report ------------
04/06/2013 19:59:28
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Serial.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\ti21sony.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\drivers\camc6hal.sys
\SystemRoot\system32\drivers\camc6aud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWATI.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a758390
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a50bc70
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
Initialization returned 0x0
Load Function returned 0x0
>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a6bfab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff8a4d82d8
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a866ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a83d940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.06.07
Downloaded database version: v2013.03.25.01
Initializing...
Done!
>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a83c900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a86b5f0, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a83d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f61100, 0xffffffff8a866ab8, 0xffffffff88049ab8
Lower DeviceData: 0xffffffffe1e95c08, 0xffffffff8a83d940, 0xffffffff88313558
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 42DA42DA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 154191807
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xd7)
Partition is NOT ACTIVE.
Partition starts at LBA: 154191870 Numsec = 2104515

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7513f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4d82d8, DeviceName: \Device\00000083\, DriverName: \Driver\ti21sony\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a636020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a50bc70, DeviceName: \Device\00000084\, DriverName: \Driver\ti21sony\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-01.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-04.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 1302024192

Removal queue found; removal started
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log...
Removal finished
=======================================

Windows Registry Editor Version 5.00
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
@=""
"InstallLocation"="c:\\Program Files\\Microsoft Security Client\\"
"ProductAppDataPath"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware"
"ProductIcon"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-100"
"ProductLocalizedName"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-1000"
"RemediationExe"="C:\\Program Files\\Microsoft Security Client\\msseces.exe"
"WATPath"="C:\\Program Files\\Microsoft Security Client\\mssewat.dll"
"Edt"=hex:00,00,00,00,00,00,00,00
"ProductType"=dword:00000008
"InstallTime"=hex:f0,14,87,12,51,fa,cd,01
"DisableRoutinelyTakingAction"=dword:00000000
"ProductStatus"=dword:00000000
"OneTimeSqmDataSent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration]
@=""
"SqmConsentApprove"=dword:00000000
"DeltaUpdateFailure"=dword:00000000
"BddUpdateFailure"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\ActiveSignatures]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\IP Ranges]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Processes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Threat IDs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation]
"{7A692DFC-A587-4230-B53B-6B8E867B3212}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine]
@=""
"PurgeItemsAfterDelay"=dword:0000005a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Remediation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Reporting]
@=""
"LastRebootTime"=hex:42,30,9a,2b,84,2d,ce,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan]
@=""
"SFCState"=dword:00000007
"CacheFile"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Scans\\History\\CacheManager\\MpScanCache-1.bin"
"DisableCatchupQuickScan"=dword:00000001
"DisableCatchupFullScan"=dword:00000001
"AllowPause"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"QuickScanInterval"=dword:00000000
"ScheduleDay"=dword:00000001
"LastOfflineScan"=hex:00,00,00,00,00,00,00,00
"LastScanType"=dword:00000002
"LastScanRun"=hex:ba,27,36,0a,13,1e,ce,01
"LastFullScanID"="{1581470E-6408-4388-93A1-5F8BB368DF97}"
"LastFullScanBytesCount"=hex:3c,74,33,9c,07,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
"SignatureCategoryID"="6b9e8b26-8f50-44b9-94c6-7846084383ec"
@=""
"SignatureUpdateInterval"=dword:00000018
"ScheduleDay"=dword:00000008
"ASSignatureDue"=dword:00000007
"AVSignatureDue"=dword:00000007
"ForceUpdateFromMU"=dword:00000001
"FallbackOrder"="MicrosoftUpdateServer|MMPC"
"LastFallbackTime"=hex:b6,fa,26,08,82,2d,ce,01
"SignatureUpdateCount"=dword:00000022
"SignaturesLastUpdated"=hex:f4,ae,40,2e,82,2d,ce,01
"UpdatedWithinGracePeriod"=dword:00000000
"EngineVersion"="1.1.9302.0"
"AVSignatureVersion"="1.147.768.0"
"AVSignatureBaseVersion"="1.147.0.0"
"AVSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"ASSignatureVersion"="1.147.768.0"
"ASSignatureBaseVersion"="1.147.0.0"
"ASSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"SignatureLocation"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{C16759E2-1F8D-4158-B806-359C4E9EE48C}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet]
@=""
"SpyNetReportingLocation"=hex(7):68,00,74,00,74,00,70,00,73,00,3a,00,2f,00,2f,\
00,73,00,70,00,79,00,6e,00,65,00,74,00,32,00,2e,00,6d,00,69,00,63,00,72,00,\
6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,00,2f,00,41,00,6e,00,74,\
00,69,00,4d,00,61,00,6c,00,77,00,61,00,72,00,65,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,73,00,2f,00,32,00,2f,00,53,00,70,00,79,00,6e,00,65,00,74,\
00,52,00,65,00,70,00,6f,00,72,00,74,00,53,00,72,00,76,00,63,00,2e,00,61,00,\
73,00,6d,00,78,00,00,00,00,00
"SpyNetReporting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration]
@=""
"DisablePrivacyMode"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\\Program Files\\Synaptics\\SynTP\\SynTPStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"