BullGuard
Trojan Affection Steam?
   

Cool Trojan Bro
New Member


Date Joined Nov 2012
Total Posts : 4
 
Posted 11/10/2012 9:15 PM (GMT +3)
I became aware of this problem yesterday when I couldn't access Steam. It got to 99% updating and then stopped and I got a Resident Shield alert that found "Trojan horse PSW.Generic.10.AIXT" filename "C:\Program Files\Steam\bin\FileSystem_Steam.dll". My system's also slower than usual.

I've detected and deleted this and a similar Trojan several times with AVG and Malwarebytes but the problem is still there.

I noticed once while I was running a Malwarebytes scan that my Resident Shield picked them up while the files were being scanned, but MB didn't:

"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501932.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501965.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0502968.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503010.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503011.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP678\A0503395.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP680\A0503589.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504105.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504123.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"

Anyway here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.3264
Administrator :: HP13888241712 [administrator]

10/11/2012 15:28:02
mbam-log-2012-11-10 (15-28-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312267
Time elapsed: 1 hour(s), 28 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 6.0.2900.3264 BrowserJavaVersion: 10.7.2
Run by Administrator at 17:04:26 on 2012-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2021 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - c:\program files\gretech\gompicker\GomPickerBHO.dll
BHO: SidebarAutoLaunch Class: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ISTray] "c:\knowhow\sdscanner\pctsTray.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8E0C87BC-10EE-4EF6-89E3-EF5F48018F23} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\yyr3iipu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 2Shared Customized Web Search
FF - prefs.js: browser.startup.homepage - bbc.co.uk
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-17 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-26 108552]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 26984]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-2-24 33856]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-26 297752]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-26 576024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-11-26 156160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz130;cpuz130;\??\c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2012-11-10 12:27:47 -------- d-----w- c:\program files\CCleaner
2012-11-10 12:12:25 -------- d-----w- c:\program files\trend micro
2012-11-10 11:44:23 -------- d-----w- c:\program files\Steam
2012-11-09 23:27:32 -------- d-----w- c:\program files\common files\Steam
2012-11-07 19:09:03 -------- d-----w- c:\program files\iPod
2012-11-07 19:08:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-07 19:03:23 -------- d-----w- c:\program files\Bonjour
2012-11-03 18:12:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2012-11-03 18:09:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-03 18:09:51 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-03 18:09:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-22 14:02:15 -------- d-----w- c:\program files\BT Broadband Desktop Help
2012-10-22 14:01:37 -------- d-----w- c:\program files\Citrix
2012-10-22 14:01:28 -------- d-----w- c:\program files\BTHomeHub
.
==================== Find3M ====================
.
2012-11-09 09:59:32 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-03 18:09:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 13:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 13:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2008-11-26 23:16:01 7332072 -c--a-w- c:\program files\Firefox Setup 3.0.4.exe
2008-11-26 20:52:06 50689960 ----a-w- c:\program files\avg_free_stf_en_8_173a1373.exe
.
============= FINISH: 17:05:01.84 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2008 7:11:03 AM
System Uptime: 11/10/2012 12:48:23 PM (5 hours ago)
.
Motherboard: OEM_MB | | 2A72h
Processor: AMD Athlon(tm) Dual Core Processor 4450B | Socket AM2 | 1801/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 46.807 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.534 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP667: 10/10/2012 11:03:12 PM - Software Distribution Service 3.0
RP668: 10/17/2012 4:28:23 AM - System Checkpoint
RP669: 10/23/2012 6:24:13 AM - System Checkpoint
RP670: 10/25/2012 5:06:01 PM - System Checkpoint
RP671: 10/27/2012 3:24:42 AM - System Checkpoint
RP672: 10/30/2012 3:29:33 AM - System Checkpoint
RP673: 11/3/2012 6:12:24 AM - System Checkpoint
RP674: 11/3/2012 6:09:09 PM - Installed Java 7 Update 7
RP675: 11/3/2012 8:49:45 PM - Installed DirectX
RP676: 11/6/2012 11:09:59 AM - System Checkpoint
RP677: 11/7/2012 7:06:39 PM - Installed iTunes
RP678: 11/9/2012 11:07:27 PM - Removed TubeHunter Ultra
RP679: 11/9/2012 11:19:21 PM - Removed Hi-Command
RP680: 11/9/2012 11:20:01 PM - Removed Steam
RP681: 11/9/2012 11:27:30 PM - Installed Steam
RP682: 11/9/2012 11:34:08 PM - Removed Steam
RP683: 11/10/2012 11:44:21 AM - Installed Steam
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.5
Afterfall InSanity DEMO
Amazon Kindle
AMD Processor Driver
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVG Free 8.5
AVG Security Toolbar
BattlEye (A2Free) Uninstall
Bonjour
Braid (Version 1.015)
BT Broadband Desktop Help
BT Broadband Talk Softphone 2.0
BT Home Hub
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
Canon MP Navigator EX 1.0
Canon MP520 series
Canon MP520 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CoreAAC
CoView
CutePDF Writer 2.8
CyberLink PowerDVD 8
Deus Ex - Game of the Year Edition
Direct Show Ogg Vorbis Filter (remove only)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Manager 2.3.10
Droid Assault (remove only)
dtvblizzcon Player
Dual-Core Optimizer
Fps Terminator
Fraps
Futuremark SystemInfo
GOG.com Downloader version 3.0.40
GOM PICKER
GOM Player
GOM Video Converter
GOMTV Plug-in
GOMTV Streamer
Google Chrome
Google Update Helper
GoToAssist Corporate
Half-Life Uplink
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB954550-v5)
HP Backup and Recovery Manager
HP Help and Support
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Junk Mail filter update
LDC Driving Test Complete
League of Legends
LucasArts' Grim Fandango
Machinarium
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
mIRC
MouseMaestro Input Device Driver V2.0.1-145AA MUL
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSXML 6.0 Parser (KB925673)
Mumble 1.2.3
NVIDIA Control Panel 296.10
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
OpenAL
PDF Complete
Peggle Deluxe 1.01
Penumbra
Pocket RAR documentation
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
RayViewer 1.08
Real Alternative 1.9.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
S.T.A.L.K.E.R. - Shadow of Chernobyl
Save Flash 4.2
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.5
Spotify
Spybot - Search & Destroy
Steam
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 2 RC2
TrueCrypt
UE3Redist
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
USB 2.0 Card Reader
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Ventrilo Server
Veoh Web Player
VLC media player 0.9.9
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
YouTube Downloader 2.5.5
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 9:29:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/9/2012 9:28:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/9/2012 9:28:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT oreans32 RasAcd Rdbss sptd Tcpip truecrypt
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2012 9:27:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/9/2012 9:27:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/9/2012 9:27:26 PM, error: sptd - Driver detected an internal error in its data structures for .
11/9/2012 7:27:51 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
11/9/2012 2:44:00 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
11/9/2012 2:39:50 PM, error: sr - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'FileSystem_Steam.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/9/2012 10:55:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd03d83b, parameter3 b13e25e4, parameter4 00000000.
11/9/2012 10:13:37 AM, error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s).
11/9/2012 10:13:34 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2012 9:37:20 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2012 10:07:56 AM, error: Service Control Manager [7034] - The vToolbarUpdater12.2.6 service terminated unexpectedly. It has done this 1 time(s).
11/4/2012 10:07:54 AM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2012 10:07:53 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
11/4/2012 10:07:53 AM, error: Service Control Manager [7034] - The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2012 10:07:50 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2012 10:05:05 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
11/3/2012 8:39:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2012 4:12:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/3/2012 4:12:04 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:27:42, on 10/11/2012
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ISTray] "C:\KnowHow\sdscanner\pctsTray.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-1276635300-2826307005-1031441524-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1276635300-2826307005-1031441524-1006\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14229 bytes

Post Edited (Cool Trojan Bro) : 11/10/2012 6:17:56 PM GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
   Posted 11/11/2012 11:52 PM (GMT +3)
Hello Cool Trojan Bro :)

"C:\Program Files\Steam\bin\FileSystem_Steam.dll". <<<--- Sounds like a false positive

"My system's also slower than usual."

OK, we need to get a comprehensive report of what is present in your system.



Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
• Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:

netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT



• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

• Post both logs


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Cool Trojan Bro
New Member


Date Joined Nov 2012
Total Posts : 4
 
   Posted 11/12/2012 12:27 PM (GMT +3)
Thanks for replying, here are the two logs from OTL.


OTL logfile created on: 12/11/2012 09:10:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.08% Memory free
4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 50.14 Gb Free Space | 36.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.53 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.79% Space Free | Partition Type: FAT32

Computer Name: HP13888241712 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/12 09:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/18 10:41:46 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/11 21:45:44 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files\RayV\RayV\RayV.exe
PRC - [2009/08/29 15:30:44 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/29 15:30:43 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/29 15:30:40 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 13:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 16:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/12/08 06:45:41 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe
PRC - [2006/07/21 16:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/03/03 13:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/09 09:59:32 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/09 09:59:31 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/11 21:45:38 | 001,680,915 | ---- | M] () -- C:\Program Files\RayV\RayV\avcodec-tiny3-52.dll
MOD - [2010/10/11 21:45:38 | 000,102,931 | ---- | M] () -- C:\Program Files\RayV\RayV\avutil-tiny3-50.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2006/02/23 16:13:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll
MOD - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
MOD - [2006/02/02 16:59:32 | 000,057,344 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\AsstCatalog.dll


========== Services (SafeList) ==========

SRV - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 09:59:28 | 000,711,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/27 15:45:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 14:01:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adpsr3oj)
DRV - [2012/11/09 09:59:32 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/01/17 12:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/12/01 13:57:05 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/07/09 18:14:20 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 15:45:20 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/30 15:45:19 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/24 16:27:08 | 000,033,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/29 15:30:44 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/29 15:30:44 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 10:04:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/06/04 14:05:58 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2007/11/06 17:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/30 12:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 12:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/06/29 22:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/08 06:45:41 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/02 06:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {D8C323FA-4384-4FBD-B702-56EC42EFE512}
IE - HKLM\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{52C44DD7-36D1-467A-AEBC-5492674D4CA4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0B1AB77F-4989-40C6-860B-203F03D316A3}&mid=29f91fa93287ec5ac038cfcac4d6badc-50548208d82a7e4dce6fd3caa3c5e637daa1c79f&lang=us&ds=AVG&pr=fr&d=2012-01-03 17:13:08&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "2Shared Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "bbc.co.uk"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 10:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/25 14:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 15:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 18:09:51 | 000,000,000 | ---D | M]

[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/11/03 17:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions
[2012/05/03 11:29:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/11 22:10:06 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\firefox@tvunetworks.com
[2012/09/13 06:56:33 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/11/03 17:18:31 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/25 16:18:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/10/12 18:00:58 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\searchplugins\conduit.xml
[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/25 14:07:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/27 15:45:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/09 10:00:05 | 000,003,572 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 07:23:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 17:10:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/05 11:46:54 | 000,424,767 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14640 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] "C:\KnowHow\sdscanner\pctsTray.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0C87BC-10EE-4EF6-89E3-EF5F48018F23}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {34C70B70-8FFF-4179-A2EB-0819FFA38126} - Reg Error: Value error.
ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - Services: "PnkBstrA"
MsConfig - Services: "vToolbarUpdater13.2.0"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "AVG Security Toolbar Service"
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: BtcMouseMaestro - hkey= - key= - C:\Program Files\MMaestro\KMaestro.exe (BTC)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 09:09:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/11/12 09:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 8
[2012/11/10 17:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/10 17:21:25 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/10 17:21:25 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/10 17:21:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/10 17:21:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/10 17:21:16 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/10 17:07:51 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Administrator\Desktop\jxpiinstall(2).exe
[2012/11/10 17:03:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/11/10 13:50:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/11/10 12:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/10 12:27:18 | 004,011,968 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup324.exe
[2012/11/10 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/11/10 12:12:25 | 000,000,000 | ---D | C] -- C:\rsit
[2012/11/10 11:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2012/11/10 11:51:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2012/11/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/11/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2012/11/09 23:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012/11/07 19:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/11/07 19:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/07 19:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/07 19:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/07 19:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/11/07 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/03 18:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/11/03 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/11/03 18:09:52 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/03 18:09:51 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/27 15:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/22 14:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/22 14:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2012/10/22 14:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/22 14:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BTHomeHub
[2012/10/22 14:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\BTHomeHub
[2008/11/26 23:15:45 | 007,332,072 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.4.exe
[2008/11/26 20:51:56 | 050,689,960 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_173a1373.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/12 09:12:46 | 060,433,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/11/12 09:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/11/12 09:08:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 09:08:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 09:05:53 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\ce32849a.job
[2012/11/12 09:05:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
[2012/11/12 09:05:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/12 09:05:45 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 09:49:54 | 000,042,060 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\raKs9.jpg
[2012/11/10 17:21:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/10 17:21:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/10 17:21:02 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/10 17:21:02 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/10 17:21:02 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/10 17:21:02 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/10 17:21:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/10 17:07:52 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Administrator\Desktop\jxpiinstall(2).exe
[2012/11/10 17:03:32 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/11/10 13:55:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 12:46:33 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2012/11/10 12:27:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/10 12:27:19 | 004,011,968 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup324.exe
[2012/11/10 12:15:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2012/11/10 12:11:52 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2012/11/10 11:44:27 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2012/11/09 23:26:23 | 001,606,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SteamInstall.msi
[2012/11/09 20:14:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/09 09:59:32 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/08 20:36:52 | 001,200,649 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\abstract-fractal-gears.jpg
[2012/11/02 21:19:20 | 000,038,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LiveLeak-dot-com-9d93e9b8b90e-110620_meghan_mccain_ap_465.jpg
[2012/11/02 14:42:15 | 000,098,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HjIWI.jpg
[2012/10/30 23:25:55 | 000,222,135 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cSd0k.jpg
[2012/10/30 22:55:23 | 000,353,918 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JcumG.png
[2012/10/28 10:33:13 | 000,102,127 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wU1Zx.jpg
[2012/10/28 10:11:28 | 000,502,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 10:11:28 | 000,087,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/27 11:48:19 | 000,485,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beJWq.jpg
[2012/10/25 07:46:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
[2012/10/22 14:04:14 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Desktop Help.lnk
[2012/10/22 14:01:32 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT email & search.LNK
[2012/10/22 14:01:32 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK
[2012/10/22 13:48:46 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 23:50:18 | 000,502,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ko9pj.jpg
[2012/10/19 11:39:00 | 000,509,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LzuQu.gif
[2012/10/18 15:30:58 | 000,699,708 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vaRRv.png
[2012/10/17 12:25:13 | 000,075,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xRsr5.jpg
[2012/10/16 18:34:58 | 000,767,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6R215.jpg
[2012/10/15 10:04:03 | 000,058,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\710ZP.jpg
[2012/10/15 10:03:51 | 000,225,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6mW9L.jpg
[2012/10/14 11:34:26 | 000,089,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sZUSg.jpg
[2012/10/13 17:44:56 | 000,191,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\J4dYo.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 09:49:52 | 000,042,060 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\raKs9.jpg
[2012/11/10 12:27:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/10 12:11:51 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2012/11/10 11:44:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2012/11/09 23:26:22 | 001,606,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SteamInstall.msi
[2012/11/09 22:53:47 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/09 21:23:48 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
[2012/11/08 20:36:51 | 001,200,649 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\abstract-fractal-gears.jpg
[2012/11/02 21:19:20 | 000,038,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LiveLeak-dot-com-9d93e9b8b90e-110620_meghan_mccain_ap_465.jpg
[2012/11/02 14:42:15 | 000,098,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HjIWI.jpg
[2012/10/30 23:25:54 | 000,222,135 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cSd0k.jpg
[2012/10/30 22:55:22 | 000,353,918 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JcumG.png
[2012/10/28 10:33:12 | 000,102,127 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wU1Zx.jpg
[2012/10/27 11:48:14 | 000,485,523 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beJWq.jpg
[2012/10/22 14:04:14 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Desktop Help.lnk
[2012/10/22 14:01:32 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT email & search.LNK
[2012/10/22 14:01:32 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK
[2012/10/20 23:50:17 | 000,502,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ko9pj.jpg
[2012/10/19 11:38:58 | 000,509,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LzuQu.gif
[2012/10/18 15:30:57 | 000,699,708 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vaRRv.png
[2012/10/17 12:25:12 | 000,075,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xRsr5.jpg
[2012/10/16 18:34:57 | 000,767,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6R215.jpg
[2012/10/15 10:04:03 | 000,058,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\710ZP.jpg
[2012/10/15 10:03:50 | 000,225,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6mW9L.jpg
[2012/10/14 11:34:21 | 000,089,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sZUSg.jpg
[2012/10/13 17:44:55 | 000,191,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\J4dYo.jpg
[2012/10/13 17:05:46 | 000,199,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aaaaaaaaaa.png
[2012/01/18 09:13:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/18 09:13:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/18 09:13:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/18 09:12:25 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/17 19:48:36 | 000,261,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/15 04:01:36 | 000,002,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ENGDEMO.2011-10.pl.nicolasgames_BF405A2F-B199-4DA6-895E-3ADBB640ACA6.swidtag
[2011/10/15 13:25:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/09/28 09:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/07/11 10:46:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/17 07:58:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/26 18:13:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/01 21:03:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\test.ps
[2010/02/27 18:01:23 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 10:57:56 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Administrator.rar
[2009/03/01 22:11:10 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2008/12/03 23:25:39 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/11/26 01:39:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/12/01 00:25:54 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2007/12/01 00:25:36 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/12/01 00:26:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/11/11 16:57:56 | 000,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2010/06/01 02:10:08 | 000,000,000 | ---D | M] -- C:\057acc536f83d14fdcc3b2dc0e46
[2008/12/14 13:44:18 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2008/12/15 15:52:48 | 000,000,000 | ---D | M] -- C:\ComboFix
[2008/11/26 01:47:29 | 000,000,000 | ---D | M] -- C:\Compaq
[2012/11/10 17:21:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/11/08 23:50:47 | 000,000,000 | ---D | M] -- C:\CoView
[2012/05/19 11:32:53 | 000,000,000 | ---D | M] -- C:\DirectX9
[2012/05/19 11:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010/05/04 20:50:00 | 000,000,000 | ---D | M] -- C:\Downloads
[2011/07/23 10:58:38 | 000,000,000 | ---D | M] -- C:\Fraps
[2011/10/13 01:11:37 | 000,000,000 | ---D | M] -- C:\Games
[2008/11/26 01:48:12 | 000,000,000 | -H-D | M] -- C:\hp
[2008/11/26 01:32:26 | 000,000,000 | ---D | M] -- C:\i386
[2012/01/17 20:21:48 | 000,000,000 | ---D | M] -- C:\KnowHow
[2008/11/30 16:11:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/05/19 11:08:47 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/11/10 17:09:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2008/12/15 15:52:46 | 000,000,000 | ---D | M] -- C:\Qoobox
[2008/12/15 16:38:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/11/10 12:12:43 | 000,000,000 | ---D | M] -- C:\rsit
[2011/09/28 13:17:54 | 000,000,000 | ---D | M] -- C:\Sierra
[2011/11/26 20:45:19 | 000,000,000 | ---D | M] -- C:\Stealth!!!!!!!
[2011/07/16 13:51:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008/11/26 08:47:35 | 000,000,000 | -H-D | M] -- C:\system.sav
[2011/08/20 14:59:54 | 000,000,000 | ---D | M] -- C:\UDK
[2012/11/10 17:51:14 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
[2008/11/26 20:52:06 | 050,689,960 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_173a1373.exe
[2008/11/26 23:16:01 | 007,332,072 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.4.exe
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/07/07 13:03:35 | 003,537,408 | ---- | M] () -- C:\WINDOWS\Installer\10b482.msi
[2012/05/10 15:41:54 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\114abad.msp
[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\WINDOWS\Installer\114abbd.msp
[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\114abcf.msp
[2012/03/15 01:24:28 | 001,795,584 | R--- | M] () -- C:\WINDOWS\Installer\114abe1.msp
[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\114abf3.msp
[2012/04/28 20:44:02 | 009,586,176 | R--- | M] () -- C:\WINDOWS\Installer\114ac06.msp
[2012/04/28 20:44:02 | 009,101,824 | R--- | M] () -- C:\WINDOWS\Installer\114ac18.msp
[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\114ac2a.msp
[2011/11/30 14:02:21 | 001,655,808 | ---- | M] () -- C:\WINDOWS\Installer\1177d0.msi
[2010/10/23 15:29:53 | 000,058,880 | ---- | M] () -- C:\WINDOWS\Installer\1329229.msi
[2010/10/23 15:30:00 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\1329234.msi
[2010/10/23 15:30:10 | 000,149,504 | ---- | M] () -- C:\WINDOWS\Installer\1329241.msi
[2010/10/23 15:30:24 | 000,027,136 | ---- | M] () -- C:\WINDOWS\Installer\132924e.msi
[2010/10/23 15:30:45 | 000,429,056 | ---- | M] () -- C:\WINDOWS\Installer\1329278.msi
[2010/10/23 15:31:19 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\1329281.msi
[2010/10/23 15:31:31 | 000,735,744 | ---- | M] () -- C:\WINDOWS\Installer\13292b0.msi
[2010/08/13 17:00:36 | 009,404,928 | R--- | M] () -- C:\WINDOWS\Installer\13bbb37.msp
[2010/08/13 17:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\13bbb49.msp
[2010/08/13 16:59:46 | 008,182,272 | R--- | M] () -- C:\WINDOWS\Installer\13bbb5b.msp
[2010/08/13 17:01:28 | 008,993,280 | R--- | M] () -- C:\WINDOWS\Installer\13bbb6d.msp
[2006/04/26 00:41:10 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\14804.msi
[2010/02/21 00:03:34 | 004,472,832 | R--- | M] () -- C:\WINDOWS\Installer\16e059.msp
[2010/03/22 15:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\16e06b.msp
[2008/11/30 16:11:47 | 002,397,184 | ---- | M] () -- C:\WINDOWS\Installer\17ba8c.msi
[2008/11/30 16:11:56 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\17ba92.msi
[2008/11/30 16:12:02 | 001,713,152 | ---- | M] () -- C:\WINDOWS\Installer\17ba98.msi
[2008/11/30 16:12:08 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\17ba9e.msi
[2008/11/30 16:12:16 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\17baa4.msi
[2008/11/30 16:12:21 | 000,048,128 | ---- | M] () -- C:\WINDOWS\Installer\17baad.msi
[2008/11/30 16:12:31 | 000,513,024 | ---- | M] () -- C:\WINDOWS\Installer\17bab3.msi
[2008/11/30 16:12:40 | 000,516,608 | ---- | M] () -- C:\WINDOWS\Installer\17baba.msi
[2008/11/30 16:12:49 | 000,506,880 | ---- | M] () -- C:\WINDOWS\Installer\17bac1.msi
[2008/11/30 16:12:54 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\17bac7.msi
[2008/11/30 16:12:58 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\17bacd.msi
[2008/11/30 16:13:59 | 009,613,312 | ---- | M] () -- C:\WINDOWS\Installer\17bad8.msi
[2012/11/03 18:12:39 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1aebdf7.msi
[2011/03/17 17:38:30 | 020,308,992 | R--- | M] () -- C:\WINDOWS\Installer\1c46276.msp
[2011/11/13 18:44:14 | 000,751,616 | ---- | M] () -- C:\WINDOWS\Installer\1d71040.msi
[2009/10/16 07:09:28 | 002,518,016 | R--- | M] () -- C:\WINDOWS\Installer\1edcfd5.msp
[2010/09/02 17:56:09 | 020,303,872 | R--- | M] () -- C:\WINDOWS\Installer\1f5f216.msp
[2009/03/05 11:06:04 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\204f0f.msi
[2012/11/07 19:01:06 | 001,547,776 | ---- | M] () -- C:\WINDOWS\Installer\209f8d4.msi
[2012/11/07 19:03:26 | 002,002,432 | ---- | M] () -- C:\WINDOWS\Installer\209f919.msi
[2012/11/07 19:04:36 | 001,716,736 | ---- | M] () -- C:\WINDOWS\Installer\209f97c.msi
[2012/11/07 19:06:05 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\209fa0a.msi
[2012/11/07 19:10:55 | 004,736,000 | ---- | M] () -- C:\WINDOWS\Installer\20a0203.msi
[2010/03/26 21:11:13 | 000,892,416 | ---- | M] () -- C:\WINDOWS\Installer\219686f.msi
[2009/07/29 02:00:40 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\22985ce.msi
[2011/01/06 00:42:03 | 020,304,384 | R--- | M] () -- C:\WINDOWS\Installer\2309be8.msp
[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\2592df.msp
[2012/09/14 08:08:12 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\25bcf8.msi
[2009/02/01 19:48:19 | 000,683,008 | ---- | M] () -- C:\WINDOWS\Installer\2627b8.msi
[2007/06/01 15:54:52 | 009,626,624 | R--- | M] () -- C:\WINDOWS\Installer\268a96b.msp
[2008/04/18 14:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\268a97e.msp
[2008/07/29 23:18:28 | 011,933,184 | R--- | M] () -- C:\WINDOWS\Installer\268a991.msp
[2008/05/21 00:45:28 | 005,246,976 | R--- | M] () -- C:\WINDOWS\Installer\268a9a8.msp
[2007/10/14 23:43:14 | 229,852,160 | R--- | M] () -- C:\WINDOWS\Installer\268aa29.msp
[2007/10/14 23:43:32 | 021,981,184 | R--- | M] () -- C:\WINDOWS\Installer\268aa31.msp
[2007/10/14 23:43:46 | 005,749,760 | R--- | M] () -- C:\WINDOWS\Installer\268aa51.msp
[2007/10/14 23:43:38 | 012,743,168 | R--- | M] () -- C:\WINDOWS\Installer\268aa63.msp
[2007/10/14 23:46:48 | 000,324,608 | R--- | M] () -- C:\WINDOWS\Installer\268aa75.msp
[2007/10/14 23:44:28 | 000,324,608 | R--- | M] () -- C:\WINDOWS\Installer\268aa7c.msp

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2004/08/04 07:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\explorer.exe
[2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: MRESP50.SYS >
[2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=07C02C892E8E1A72D6BF35004F0E9C5E -- C:\Program Files\Common Files\Motive\MRESP50.sys

< MD5 for: REGEDIT.EXE >
[2007/12/01 00:26:46 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=6A05DE27DCBD8256845782943BEBC572 -- C:\WINDOWS\regedit.exe
[2007/12/01 00:26:46 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=6A05DE27DCBD8256845782943BEBC572 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2006/02/28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\i386\REGEDIT.EXE
[2006/02/28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SVCHOST.EXE >
[2007/12/01 00:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2007/12/01 00:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 07:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2007/12/01 00:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007/12/01 00:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007/12/01 00:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007/12/01 00:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\system32\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: HP13888241712
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B
Volume 1     F                       DVD-ROM         0 B
Volume 2     C                NTFS   Partition    139 GB  Healthy    System
Volume 3     D   HP_RECOVERY  NTFS   Partition     10 GB  Healthy
Volume 4     G   01256816966  FAT32  Removeable  3820 MB

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >


OTL Extras logfile created on: 12/11/2012 09:10:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.08% Memory free
4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 50.14 Gb Free Space | 36.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.53 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.79% Space Free | Partition Type: FAT32

Computer Name: HP13888241712 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher
"43795:TCP" = 43795:TCP:*:Enabled:utorrent
"20919:TCP" = 20919:TCP:*:Enabled:BitComet 20919 TCP
"20919:UDP" = 20919:UDP:*:Enabled:BitComet 20919 UDP
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"25565:TCP" = 25565:TCP:*:Enabled:Minecraft Multiplayer
"27015:TCP" = 27015:TCP:*:Enabled:Steam
"27014:TCP" = 27014:TCP:*:Enabled:Steam Client
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
"C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade
"C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - c3abbc60\Launcher.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - c3abbc60\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" = C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - 0ec68050\Launcher.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - 0ec68050\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Desktop\WoW-Intro-enGB-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WoW-Intro-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe" = C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™
"C:\Documents and Settings\Administrator\My Documents\Downloads\SC2-battlereport-4_PEGI-downloader.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\SC2-battlereport-4_PEGI-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Terran_Demo_English_EU.avi-downloader.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Terran_Demo_English_EU.avi-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Bumblebee Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe" = C:\Program Files\Bumblebee Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe:*:Enabled:BloodlineChampionsLoader
"C:\UDK\The Ball UDK Demo\Binaries\Win32\UDK.exe" = C:\UDK\The Ball UDK Demo\Binaries\Win32\UDK.exe:*:Enabled:UDK
"C:\Program Files\Steam\steamapps\etherloper\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\etherloper\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)
"C:\Program Files\id Software\Quake 4 Multiplayer Demo\Quake4.exe" = C:\Program Files\id Software\Quake 4 Multiplayer Demo\Quake4.exe:*:Enabled:Quake 4
"C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger
"C:\Program Files\AoE2\empires2.exe" = C:\Program Files\AoE2\empires2.exe:*:Enabled:Age of Empires II
"C:\Program Files\AoE2\age2_x1\age2_x1.exe" = C:\Program Files\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm
"C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Enabled:GomTVStreamerLive.exe -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java(TM) Web Start Launcher
"C:\Documents and Settings\Administrator\Application Data\RayV\Viewer\RayV.dll" = C:\Documents and Settings\Administrator\Application Data\RayV\Viewer\RayV.dll:*:Enabled:RayV
"C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe" = C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA
"C:\UDK\Fps Terminator\Binaries\Win32\UDK.exe" = C:\UDK\Fps Terminator\Binaries\Win32\UDK.exe:*:Enabled:UDK -- (Epic Games, Inc.)
"C:\Documents and Settings\Administrator\Desktop\Gang Garrison 2\Gang Garrison 2.exe" = C:\Documents and Settings\Administrator\Desktop\Gang Garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2
"C:\Program Files\Steam\steamapps\common\hacker evolution untold - demo\Hacker Evolution Untold.exe" = C:\Program Files\Steam\steamapps\common\hacker evolution untold - demo\Hacker Evolution Untold.exe:*:Enabled:Hacker Evolution: Untold - Demo
"C:\Program Files\Steam\steamapps\common\wasteland angel - demo\bin\x86\dx9\Angel.exe" = C:\Program Files\Steam\steamapps\common\wasteland angel - demo\bin\x86\dx9\Angel.exe:*:Enabled:Wasteland Angel - Demo
"C:\Games\World_of_Tanks\WorldOfTanks.exe" = C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Steam\steamapps\common\the ball demo\Binaries\Win32\TheBall.exe" = C:\Program Files\Steam\steamapps\common\the ball demo\Binaries\Win32\TheBall.exe:*:Enabled:The Ball Demo
"C:\Program Files\Steam\steamapps\common\dungeon defenders demo\Binaries\Win32\DunDefGame.exe" = C:\Program Files\Steam\steamapps\common\dungeon defenders demo\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame
"C:\Program Files\Steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe" = C:\Program Files\Steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe:*:Enabled:Dungeons - The Dark Lord Demo Server
"C:\Program Files\Steam\steamapps\common\defcon\defcon.exe" = C:\Program Files\Steam\steamapps\common\defcon\defcon.exe:*:Enabled:Defcon
"C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe:*:Enabled:Oddworld: Abe's Oddysee Demo
"C:\Program Files\Hi-Rez Studios\games\tribes alpha\Binaries\Win32\TribesAscend.exe" = C:\Program Files\Hi-Rez Studios\games\tribes alpha\Binaries\Win32\TribesAscend.exe:*:Enabled:TribesAscend
"C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe" = C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe:*:Enabled:HOARD - Demo
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\steamapps\common\the void\bin\win32\Game.exe" = C:\Program Files\Steam\steamapps\common\the void\bin\win32\Game.exe:*:Enabled:The Void
"C:\Program Files\Steam\steamapps\common\the void\bin\win32\Config.exe" = C:\Program Files\Steam\steamapps\common\the void\bin\win32\Config.exe:*:Enabled:The Void
"C:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe" = C:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe:*:Enabled:FTL: Faster Than Light
"C:\Program Files\Steam\steamapps\common\bastion\Bastion.exe" = C:\Program Files\Steam\steamapps\common\bastion\Bastion.exe:*:Enabled:Bastion
"C:\Program Files\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.40
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A2AB22-00D8-4F09-A00A-F1CB7DB3E916}_is1" = Penumbra
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C59E50F4-0AE2-4742-8059-9EF67E379AFB}" = RayViewer 1.08
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EE079D-A1A6-48A0-8B02-5CC7E1FEE342}" = Afterfall InSanity DEMO
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle" = Amazon Kindle
"AOL Toolbar" = AOL Toolbar 5.0
"AVG Secure Search" = AVG Security Toolbar
"AVG8Uninstall" = AVG Free 8.5
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"Braid_is1" = Braid (Version 1.015)
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BtcMouseMaestro" = MouseMaestro Input Device Driver V2.0.1-145AA MUL
"BTHomeHub" = BTHomeHub
"Canon MP520 series User Registration" = Canon MP520 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CoreAAC" = CoreAAC
"CoView_is1" = CoView
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Deus Ex - Game of the Year Edition_is1" = Deus Ex - Game of the Year Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"DroidAssault" = Droid Assault (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fraps" = Fraps
"GOM Picker" = GOM PICKER
"GOM Player" = GOM Player
"GOM Video Converter" = GOM Video Converter
"GomTV Launcher Plugin" = GOMTV Plug-in
"GomTVStreamer" = GOMTV Streamer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Half-Life Uplink" = Half-Life Uplink
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LDC Driving Test Complete2.2" = LDC Driving Test Complete
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PDF Complete" = PDF Complete
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"PocketRAR" = Pocket RAR documentation
"PunkBusterSvc" = PunkBuster Services
"RayV" = dtvblizzcon Player
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"Save Flash" = Save Flash 4.2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TrueCrypt" = TrueCrypt
"UDK-06f58e28-1a8c-4631-ae8f-7bb68abcf9df" = Fps Terminator
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6094

Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6094

Error - 02/11/2012 07:11:17 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8172

Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8172

Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 03/11/2012 12:22:54 | Computer Name = HP13888241712 | Source = Application Error | ID = 1000
Description = Faulting application bioshock.exe, version 1.0.0.0, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x0001500a.

[ OSession Events ]
Error - 17/12/2009 10:51:00 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243
seconds with 180 seconds of active time. This session ended with a crash.

Error - 17/12/2009 10:51:11 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/12/2009 10:51:34 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2012 17:55:30 | Computer Name = HP13888241712 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bd03d83b, parameter3
b0cae324, parameter4 00000000.

Error - 11/11/2012 04:46:35 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 11/11/2012 04:47:54 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 11/11/2012 12:52:39 | Computer Name = HP13888241712 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/11/2012 12:53:06 | Computer Name = HP13888241712 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/11/2012 12:55:20 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 11/11/2012 12:55:47 | Computer Name = HP13888241712 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/11/2012 12:57:02 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 12/11/2012 05:05:49 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 12/11/2012 05:07:15 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
   Posted 11/12/2012 4:19 PM (GMT +3)
We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following into the Custom Scan textbox. ^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:Services

:OTL
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
:Reg
:Files
C:\Program Files\Bonjour
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Push Run Fix Button

• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.




Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
• Exit all windows that are currently open on your computer.
• To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.


Double-click on the combofix icon found on your desktop.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Cool Trojan Bro
New Member


Date Joined Nov 2012
Total Posts : 4
 
   Posted 11/12/2012 6:28 PM (GMT +3)
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Bonjour\Bonjour.Resources\zh_TW.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\zh_CN.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\sv.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ru.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pt_PT.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pt.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pl.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\nl.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\nb.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ko.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ja.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\it.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\fr.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\fi.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\es.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\en_GB.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\en.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\de.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\da.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources folder moved successfully.
C:\Program Files\Bonjour folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 7017233 bytes
->Temporary Internet Files folder emptied: 99688 bytes
->Java cache emptied: 58591583 bytes
->FireFox cache emptied: 76273060 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5908032 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64046 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54343693 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12130169 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98950 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14264 bytes

Total Files Cleaned = 205.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122012_135520

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ComboFix 12-11-12.02 - Administrator 12/11/2012 15:04:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2559 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\.#
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
C:\install.exe
c:\program files\avg_free_stf_en_8_173a1373.exe
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 13:55 . 2012-11-12 13:55 -------- d-----w- C:\_OTL
2012-11-10 17:21 . 2012-11-10 17:21 -------- d-----w- c:\program files\Common Files\Java
2012-11-10 17:21 . 2012-11-10 17:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-10 17:21 . 2012-11-10 17:21 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 12:27 . 2012-11-10 12:27 -------- d-----w- c:\program files\CCleaner
2012-11-10 12:12 . 2012-11-10 17:23 -------- d-----w- c:\program files\trend micro
2012-11-10 12:12 . 2012-11-10 12:12 -------- d-----w- C:\rsit
2012-11-10 11:44 . 2012-11-12 13:59 -------- d-----w- c:\program files\Steam
2012-11-09 23:27 . 2012-11-09 23:27 -------- d-----w- c:\program files\Common Files\Steam
2012-11-07 19:09 . 2012-11-07 19:09 -------- d-----w- c:\program files\iPod
2012-11-07 19:08 . 2012-11-07 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-07 19:06 . 2012-11-07 19:06 -------- d-----w- c:\program files\Apple Software Update
2012-11-07 19:04 . 2012-11-07 19:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-11-03 18:12 . 2012-11-03 18:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-11-03 18:09 . 2012-11-10 17:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-03 18:09 . 2012-11-10 17:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-22 14:02 . 2012-10-22 14:02 -------- d-----w- c:\program files\BT Broadband Desktop Help
2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\Citrix
2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\BTHomeHub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 09:59 . 2012-09-04 15:37 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-29 19:54 . 2008-12-14 13:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 13:01 . 2009-10-15 02:59 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 13:01 . 2009-10-15 02:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2008-11-26 23:16 . 2008-11-26 23:15 7332072 -c--a-w- c:\program files\Firefox Setup 3.0.4.exe
2012-10-27 15:45 . 2012-10-27 15:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 09:59 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Octoshape Streaming Services"="c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-25 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2007-12-01 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-10-22 14:01 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 21:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04 1590144 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMouseMaestro]
2005-11-09 09:18 286720 ------w- c:\program files\MMaestro\Kmaestro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-01-07 19:46 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 ----a-w- c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-12-01 00:26 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-10-11 21:45 2839848 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 20:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-16 10:42 932528 ----a-w- c:\documents and settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-11-10 11:44 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-31 17:11 2478080 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"vToolbarUpdater13.2.0"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\UDK\\Fps Terminator\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"43795:TCP"= 43795:TCP:utorrent
"20919:TCP"= 20919:TCP:BitComet 20919 TCP
"20919:UDP"= 20919:UDP:BitComet 20919 UDP
"25565:TCP"= 25565:TCP:Minecraft Multiplayer
"27015:TCP"= 27015:TCP:Steam
"27014:TCP"= 27014:TCP:Steam Client
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/17/2012 5:24 PM 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/9/2010 6:14 PM 697328]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 3:37 PM 26984]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2/24/2010 4:27 PM 33856]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/26/2008 1:47 AM 576024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [11/26/2008 1:45 AM 156160]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/9/2012 10:00 AM 711112]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46]
.
2012-11-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 2Shared Customized Web Search
FF - prefs.js: browser.startup.homepage - bbc.co.uk
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
HKLM-Run-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
HKLM-Run-ISTray - c:\knowhow\sdscanner\pctsTray.exe
Notify-avgrsstarter - (no file)
MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
AddRemove-BattlEye A2 Free - c:\program files\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-12 15:10
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,82,b2,24,76,08,6c,c5,ee,ae,80,07,3a,94,e7,8a,5f,33,cf,19,da,18,00,
42,c1,93,b4,ec,1d,2c,61,a4,56,54,17,d2,2c,4d,f6,b1,0e,79,99,f3,1d,df,aa,dc,\
"??"=hex:22,11,6d,13,5d,78,2e,2a,4f,3f,43,f1,2a,61,06,69
.
[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\License information*]
"datasecu"=hex:fa,bb,23,6e,34,e5,84,bb,ab,2b,bf,d0,5f,b9,a2,6d,18,ed,26,81,c5,
47,f9,15,a8,74,5d,69,7e,c3,21,c5,f0,b9,f0,b4,5a,3e,e1,9a,b9,23,79,4c,df,44,\
"rkeysecu"=hex:ec,12,aa,77,44,6f,a9,79,7e,41,f0,aa,1d,11,ba,e7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
Completion time: 2012-11-12 15:12:51
ComboFix-quarantined-files.txt 2012-11-12 15:12
ComboFix2.txt 2008-12-15 15:52
ComboFix3.txt 2008-12-14 13:48
.
Pre-Run: 54,985,019,392 bytes free
Post-Run: 54,920,589,312 bytes free
.
- - End Of File - - 6A1C6464A86DAAAF8336E6FAD855602F
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
   Posted 11/12/2012 6:55 PM (GMT +3)
Looks clean to me, please tell me how things are running now?


 

Cool Trojan Bro
New Member


Date Joined Nov 2012
Total Posts : 4
 
   Posted 11/12/2012 7:19 PM (GMT +3)
Steam is now open and everything's running fine now.

Also, I'm glad I've found these programs that can help unclutter your system.

Thank you for the help with all of that, Touch :)

Post Edited (Cool Trojan Bro) : 11/12/2012 5:01:20 PM GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
   Posted 11/13/2012 10:46 AM (GMT +3)
My pleasure :)



Start OTL
Click on the CleanUp! button.

You'll be asked if you want to Begin cleanup process? Select Yes.
This step removes the files, folders, and shortcuts created by the tools I had you download and run.

When done, you will be prompted to restart your computer. Please restart your computer.




I'll lock this topic...

