Trojan Affection Steam?

Posted 11/10/2012 6:15 PM
#94666
User avatar

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
I became aware of this problem yesterday when i couldn't access Steam. It got to 99% updating and then stopped and I got a Resident Shield alert that found "Trojan horse PSW.Generic.10.AIXT" filename "C:\Program Files\Steam\bin\FileSystem_Steam.dll". My system's also slower than usual. <br/> <br/>I've detected and deleted this and a similar Trojan several times with AVG and Malwarebytes but the problem is still there. <br/> <br/>I noticed once while I was running a Malwarebytes scan that my Resident Shield picked them up while the files were being scanned, but MB didn't: <br/> <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501932.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501965.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0502968.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503010.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503011.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP678\A0503395.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP680\A0503589.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504105.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault" <br/>"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504123.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault" <br/> <br/>Anyway here are the logs: <br/> <br/>Malwarebytes Anti-Malware 1.65.1.1000 <br/>www.malwarebytes.org <br/> <br/>Database version: v2012.11.10.06 <br/> <br/>Windows XP Service Pack 3 x86 NTFS <br/>Internet Explorer 6.0.2900.3264 <br/>Administrator :: HP13888241712 [administrator] <br/> <br/>10/11/2012 15:28:02 <br/>mbam-log-2012-11-10 (15-28-02).txt <br/> <br/>Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|) <br/>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM <br/>Scan options disabled: P2P <br/>Objects scanned: 312267 <br/>Time elapsed: 1 hour(s), 28 minute(s), 34 second(s) <br/> <br/>Memory Processes Detected: 0 <br/>(No malicious items detected) <br/> <br/>Memory Modules Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Keys Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Values Detected: 0 <br/>(No malicious items detected) <br/> <br/>Registry Data Items Detected: 0 <br/>(No malicious items detected) <br/> <br/>Folders Detected: 0 <br/>(No malicious items detected) <br/> <br/>Files Detected: 0 <br/>(No malicious items detected) <br/> <br/>(end) <br/> <br/>DDS (Ver_2012-11-07.01) - NTFS_x86 <br/>Internet Explorer: 6.0.2900.3264 BrowserJavaVersion: 10.7.2 <br/>Run by Administrator at 17:04:26 on 2012-11-10 <br/>Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2021 [GMT 0:00] <br/>. <br/>AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} <br/>. <br/>============== Running Processes ================ <br/>. <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\SMINST\Scheduler.exe <br/>C:\Program Files\btbb_wcm\McciTrayApp.exe <br/>C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe <br/>C:\PROGRA~1\AVG\AVG8\avgtray.exe <br/>C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>C:\Program Files\Canon\MyPrinter\BJMyPrt.exe <br/>C:\Program Files\AVG Secure Search\vprot.exe <br/>C:\Program Files\DivX\DivX Update\DivXUpdate.exe <br/>C:\WINDOWS\system32\RunDLL32.exe <br/>C:\PROGRA~1\Yahoo!\browser\ycommon.exe <br/>C:\Program Files\Common Files\Java\Java Update\jusched.exe <br/>C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe <br/>C:\PROGRA~1\AVG\AVG8\avgrsx.exe <br/>C:\PROGRA~1\AVG\AVG8\avgnsx.exe <br/>C:\Program Files\RayV\RayV\RayV.exe <br/>C:\Program Files\Java\jre7\bin\jqs.exe <br/>C:\Program Files\Common Files\Motive\McciCMService.exe <br/>C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>C:\Program Files\PDF Complete\pdfsvc.exe <br/>C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe <br/>C:\Program Files\CyberLink\Shared files\RichVideo.exe <br/>C:\PROGRA~1\AVG\AVG8\avgemc.exe <br/>C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe <br/>C:\Program Files\Windows Media Player\WMPNetwk.exe <br/>C:\Program Files\AVG\AVG8\avgcsrvx.exe <br/>C:\WINDOWS\System32\alg.exe <br/>C:\Program Files\Common Files\Java\Java Update\jucheck.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Program Files\Mozilla Firefox\plugin-container.exe <br/>C:\WINDOWS\system32\taskmgr.exe <br/>C:\WINDOWS\system32\wbem\wmiprvse.exe <br/>C:\WINDOWS\System32\svchost.exe -k netsvcs <br/>C:\WINDOWS\system32\svchost.exe -k NetworkService <br/>C:\WINDOWS\system32\svchost.exe -k LocalService <br/>C:\WINDOWS\System32\svchost.exe -k HTTPFilter <br/>C:\WINDOWS\system32\svchost.exe -k imgsvc <br/>. <br/>============== Pseudo HJT Report =============== <br/>. <br/>uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>uSearch Bar = hxxp://www.yahoo.com/search/ie.html <br/>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ <br/>uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll <br/>uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> <br/>dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> <br/>BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll <br/>BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll <br/>BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll <br/>BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll <br/>BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll <br/>BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll <br/>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> <br/>BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll <br/>BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll <br/>BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned> <br/>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll <br/>BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll <br/>BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll <br/>BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned> <br/>BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll <br/>BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned> <br/>BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - c:\program files\gretech\gompicker\GomPickerBHO.dll <br/>BHO: SidebarAutoLaunch Class: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll <br/>TB: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} - <br/>TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll <br/>TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll <br/>TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> <br/>TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll <br/>TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll <br/>TB: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} - <br/>TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll <br/>uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe <br/>uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe <br/>uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun <br/>uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" <br/>uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background <br/>uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork <br/>uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet <br/>uRun: [Steam] "c:\program files\steam\Steam.exe" -silent <br/>mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe <br/>mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe <br/>mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe <br/>mRun: [Recguard] c:\windows\sminst\Recguard.exe <br/>mRun: [Reminder] c:\windows\creator\Remind_XP.exe <br/>mRun: [Scheduler] c:\windows\sminst\Scheduler.exe <br/>mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe <br/>mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe <br/>mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe <br/>mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" <br/>mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon <br/>mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon <br/>mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot <br/>mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" <br/>mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime <br/>mRun: [vProt] "c:\program files\avg secure search\vprot.exe" <br/>mRun: [ISTray] "c:\knowhow\sdscanner\pctsTray.exe" <br/>mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 <br/>mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW <br/>mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup <br/>mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login <br/>mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet <br/>mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 <br/>mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" <br/>mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" <br/>mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent <br/>dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE <br/>StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe <br/>StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe <br/>StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe <br/>uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 <br/>uPolicies-Explorer: NoDrives = dword:0 <br/>uPolicies-Explorer: NoDriveAutoRun = dword:67108863 <br/>mPolicies-Explorer: NoDrives = dword:0 <br/>mPolicies-Explorer: NoDriveAutoRun = dword:67108863 <br/>mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 <br/>mPolicies-System: EnableLUA = dword:0 <br/>mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 <br/>mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 <br/>mPolicies-Explorer: NoDriveAutoRun = dword:67108863 <br/>IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-gb\local\search.html <br/>IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 <br/>IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll <br/>IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll <br/>IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll <br/>IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll <br/>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} <br/>IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll <br/>IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe <br/>IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe <br/>. <br/>INFO: HKCU has more than 50 listed domains. <br/>If you wish to scan all of them, select the 'Force scan all domains' option. <br/>. <br/>. <br/>INFO: HKLM has more than 50 listed domains. <br/> If you wish to scan all of them, select the 'Force scan all domains' option. <br/>. <br/>DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab <br/>DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB <br/>DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab <br/>TCP: NameServer = 192.168.1.254 <br/>TCP: Interfaces\{8E0C87BC-10EE-4EF6-89E3-EF5F48018F23} : DHCPNameServer = 192.168.1.254 <br/>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll <br/>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll <br/>Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll <br/>Notify: avgrsstarter - avgrsstx.dll <br/>Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll <br/>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll <br/>LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg <br/>Hosts: 127.0.0.1 www.spywareinfo.com <br/>. <br/>================= FIREFOX =================== <br/>. <br/>FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\yyr3iipu.default\ <br/>FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms} <br/>FF - prefs.js: browser.search.selectedEngine - 2Shared Customized Web Search <br/>FF - prefs.js: browser.startup.homepage - bbc.co.uk <br/>FF - prefs.js: network.proxy.http - 127.0.0.1 <br/>FF - prefs.js: network.proxy.http_port - 50370 <br/>FF - prefs.js: network.proxy.type - 4 <br/>FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll <br/>FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll <br/>FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll <br/>FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll <br/>FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll <br/>FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll <br/>FF - plugin: c:\program files\common files\motive\npMotive.dll <br/>FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll <br/>FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll <br/>FF - plugin: c:\program files\download manager\npfpdlm.dll <br/>FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll <br/>FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll <br/>FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll <br/>FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll <br/>FF - plugin: c:\windows\system32\npDeployJava1.dll <br/>FF - plugin: c:\windows\system32\npptools.dll <br/>. <br/>============= SERVICES / DRIVERS =============== <br/>. <br/>R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-17 207792] <br/>R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-26 335240] <br/>R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-26 27784] <br/>R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-26 108552] <br/>R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 26984] <br/>R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-2-24 33856] <br/>R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-26 908056] <br/>R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-26 297752] <br/>R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-26 576024] <br/>R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-11-26 156160] <br/>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] <br/>S3 cpuz130;cpuz130;\??\c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys [?] <br/>S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] <br/>S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264] <br/>S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112] <br/>. <br/>=============== File Associations =============== <br/>. <br/>ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe" <br/>ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe" <br/>ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe" <br/>. <br/>=============== Created Last 30 ================ <br/>. <br/>2012-11-10 12:27:47 -------- d-----w- c:\program files\CCleaner <br/>2012-11-10 12:12:25 -------- d-----w- c:\program files\trend micro <br/>2012-11-10 11:44:23 -------- d-----w- c:\program files\Steam <br/>2012-11-09 23:27:32 -------- d-----w- c:\program files\common files\Steam <br/>2012-11-07 19:09:03 -------- d-----w- c:\program files\iPod <br/>2012-11-07 19:08:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 <br/>2012-11-07 19:03:23 -------- d-----w- c:\program files\Bonjour <br/>2012-11-03 18:12:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun <br/>2012-11-03 18:09:52 746984 ----a-w- c:\windows\system32\deployJava1.dll <br/>2012-11-03 18:09:51 821736 ----a-w- c:\windows\system32\npDeployJava1.dll <br/>2012-11-03 18:09:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll <br/>2012-10-22 14:02:15 -------- d-----w- c:\program files\BT Broadband Desktop Help <br/>2012-10-22 14:01:37 -------- d-----w- c:\program files\Citrix <br/>2012-10-22 14:01:28 -------- d-----w- c:\program files\BTHomeHub <br/>. <br/>==================== Find3M ==================== <br/>. <br/>2012-11-09 09:59:32 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys <br/>2012-11-03 18:09:21 143872 ----a-w- c:\windows\system32\javacpl.cpl <br/>2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2012-08-21 13:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys <br/>2012-08-21 13:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll <br/>2008-11-26 23:16:01 7332072 -c--a-w- c:\program files\Firefox Setup 3.0.4.exe <br/>2008-11-26 20:52:06 50689960 ----a-w- c:\program files\avg_free_stf_en_8_173a1373.exe <br/>. <br/>============= FINISH: 17:05:01.84 =============== <br/> <br/> <br/> <br/>. <br/>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. <br/>IF REQUESTED, ZIP IT UP & ATTACH IT <br/>. <br/>DDS (Ver_2012-11-07.01) <br/>. <br/>Microsoft Windows XP Professional <br/>Boot Device: \Device\HarddiskVolume1 <br/>Install Date: 11/26/2008 7:11:03 AM <br/>System Uptime: 11/10/2012 12:48:23 PM (5 hours ago) <br/>. <br/>Motherboard: OEM_MB | | 2A72h <br/>Processor: AMD Athlon(tm) Dual Core Processor 4450B | Socket AM2 | 1801/200mhz <br/>. <br/>==== Disk Partitions ========================= <br/>. <br/>C: is FIXED (NTFS) - 139 GiB total, 46.807 GiB free. <br/>D: is FIXED (NTFS) - 10 GiB total, 2.534 GiB free. <br/>E: is CDROM () <br/>F: is CDROM () <br/>G: is Removable <br/>. <br/>==== Disabled Device Manager Items ============= <br/>. <br/>==== System Restore Points =================== <br/>. <br/>RP667: 10/10/2012 11:03:12 PM - Software Distribution Service 3.0 <br/>RP668: 10/17/2012 4:28:23 AM - System Checkpoint <br/>RP669: 10/23/2012 6:24:13 AM - System Checkpoint <br/>RP670: 10/25/2012 5:06:01 PM - System Checkpoint <br/>RP671: 10/27/2012 3:24:42 AM - System Checkpoint <br/>RP672: 10/30/2012 3:29:33 AM - System Checkpoint <br/>RP673: 11/3/2012 6:12:24 AM - System Checkpoint <br/>RP674: 11/3/2012 6:09:09 PM - Installed Java 7 Update 7 <br/>RP675: 11/3/2012 8:49:45 PM - Installed DirectX <br/>RP676: 11/6/2012 11:09:59 AM - System Checkpoint <br/>RP677: 11/7/2012 7:06:39 PM - Installed iTunes <br/>RP678: 11/9/2012 11:07:27 PM - Removed TubeHunter Ultra <br/>RP679: 11/9/2012 11:19:21 PM - Removed Hi-Command <br/>RP680: 11/9/2012 11:20:01 PM - Removed Steam <br/>RP681: 11/9/2012 11:27:30 PM - Installed Steam <br/>RP682: 11/9/2012 11:34:08 PM - Removed Steam <br/>RP683: 11/10/2012 11:44:21 AM - Installed Steam <br/>. <br/>==== Installed Programs ====================== <br/>. <br/>Adobe AIR <br/>Adobe Flash Player 10 ActiveX <br/>Adobe Flash Player 11 Plugin <br/>Adobe Reader 8 <br/>Adobe Shockwave Player 11.5 <br/>Afterfall InSanity DEMO <br/>Amazon Kindle <br/>AMD Processor Driver <br/>AOL Toolbar 5.0 <br/>Apple Application Support <br/>Apple Mobile Device Support <br/>Apple Software Update <br/>µTorrent <br/>AVG Free 8.5 <br/>AVG Security Toolbar <br/>BattlEye (A2Free) Uninstall <br/>Bonjour <br/>Braid (Version 1.015) <br/>BT Broadband Desktop Help <br/>BT Broadband Talk Softphone 2.0 <br/>BT Home Hub <br/>BT Wireless Connection Manager <br/>BT Yahoo! Applications <br/>BTHomeHub <br/>Canon MP Navigator EX 1.0 <br/>Canon MP520 series <br/>Canon MP520 series User Registration <br/>Canon My Printer <br/>Canon Utilities Easy-PhotoPrint EX <br/>Canon Utilities Solution Menu <br/>CCleaner <br/>CoreAAC <br/>CoView <br/>CutePDF Writer 2.8 <br/>CyberLink PowerDVD 8 <br/>Deus Ex - Game of the Year Edition <br/>Direct Show Ogg Vorbis Filter (remove only) <br/>DivX Converter <br/>DivX Plus DirectShow Filters <br/>DivX Setup <br/>DivX Version Checker <br/>Download Manager 2.3.10 <br/>Droid Assault (remove only) <br/>dtvblizzcon Player <br/>Dual-Core Optimizer <br/>Fps Terminator <br/>Fraps <br/>Futuremark SystemInfo <br/>GOG.com Downloader version 3.0.40 <br/>GOM PICKER <br/>GOM Player <br/>GOM Video Converter <br/>GOMTV Plug-in <br/>GOMTV Streamer <br/>Google Chrome <br/>Google Update Helper <br/>GoToAssist Corporate <br/>Half-Life Uplink <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) <br/>Hotfix for Windows XP (KB952117-v2) <br/>Hotfix for Windows XP (KB954550-v5) <br/>HP Backup and Recovery Manager <br/>HP Help and Support <br/>iTunes <br/>Java 7 Update 7 <br/>Java Auto Updater <br/>Java(TM) 6 Update 16 <br/>Java(TM) 6 Update 2 <br/>Junk Mail filter update <br/>LDC Driving Test Complete <br/>League of Legends <br/>LucasArts' Grim Fandango <br/>Machinarium <br/>Malwarebytes Anti-Malware version 1.65.1.1000 <br/>Microsoft .NET Framework 1.1 <br/>Microsoft .NET Framework 2.0 Service Pack 2 <br/>Microsoft .NET Framework 3.0 Service Pack 2 <br/>Microsoft .NET Framework 3.5 SP1 <br/>Microsoft .NET Framework 4 Client Profile <br/>Microsoft .NET Framework 4 Extended <br/>Microsoft Application Error Reporting <br/>Microsoft Chart Controls for Microsoft .NET Framework 3.5 <br/>Microsoft Choice Guard <br/>Microsoft Compression Client Pack 1.0 for Windows XP <br/>Microsoft Games for Windows - LIVE <br/>Microsoft Games for Windows - LIVE Redistributable <br/>Microsoft IntelliPoint 6.3 <br/>Microsoft Internationalized Domain Names Mitigation APIs <br/>Microsoft National Language Support Downlevel APIs <br/>Microsoft Office 2007 Service Pack 3 (SP3) <br/>Microsoft Office Excel MUI (English) 2007 <br/>Microsoft Office File Validation Add-In <br/>Microsoft Office Home and Student 2007 <br/>Microsoft Office OneNote MUI (English) 2007 <br/>Microsoft Office PowerPoint MUI (English) 2007 <br/>Microsoft Office Proof (English) 2007 <br/>Microsoft Office Proof (French) 2007 <br/>Microsoft Office Proof (Spanish) 2007 <br/>Microsoft Office Proofing (English) 2007 <br/>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>Microsoft Office Shared MUI (English) 2007 <br/>Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>Microsoft Office Word MUI (English) 2007 <br/>Microsoft Silverlight <br/>Microsoft Software Update for Web Folders (English) 12 <br/>Microsoft User-Mode Driver Framework Feature Pack 1.0 <br/>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 <br/>Microsoft Visual C++ 2005 Redistributable <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 <br/>Microsoft Windows Media Video 9 VCM <br/>Microsoft XNA Framework Redistributable 3.0 <br/>Microsoft XNA Framework Redistributable 3.1 <br/>Microsoft XNA Framework Redistributable 4.0 <br/>mIRC <br/>MouseMaestro Input Device Driver V2.0.1-145AA MUL <br/>Mozilla Firefox 16.0.2 (x86 en-US) <br/>Mozilla Maintenance Service <br/>MPEG2 Codec(libmpeg2/mad) <br/>MSVCRT <br/>MSXML 6.0 Parser (KB925673) <br/>Mumble 1.2.3 <br/>NVIDIA Control Panel 296.10 <br/>NVIDIA Display Control Panel <br/>NVIDIA Drivers <br/>NVIDIA Graphics Driver 296.10 <br/>NVIDIA HD Audio Driver 1.3.12.0 <br/>NVIDIA Install Application <br/>NVIDIA nView 136.18 <br/>NVIDIA nView Desktop Manager <br/>NVIDIA PhysX <br/>NVIDIA PhysX System Software 9.12.0213 <br/>NVIDIA Update 1.7.11 <br/>NVIDIA Update Components <br/>Octoshape add-in for Adobe Flash Player <br/>Octoshape Streaming Services <br/>OpenAL <br/>PDF Complete <br/>Peggle Deluxe 1.01 <br/>Penumbra <br/>Pocket RAR documentation <br/>PunkBuster Services <br/>Quake Live Mozilla Plugin <br/>QuickTime <br/>RayViewer 1.08 <br/>Real Alternative 1.9.0 <br/>RealNetworks - Microsoft Visual C++ 2008 Runtime <br/>RealPlayer <br/>Realtek High Definition Audio Driver <br/>RealUpgrade 1.1 <br/>S.T.A.L.K.E.R. - Shadow of Chernobyl <br/>Save Flash 4.2 <br/>ScanSoft OmniPage SE 4 <br/>Security Update for CAPICOM (KB931906) <br/>Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition <br/>Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition <br/>Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition <br/>Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition <br/>Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition <br/>Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition <br/>Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition <br/>Segoe UI <br/>Skype Click to Call <br/>Skype™ 5.5 <br/>Spotify <br/>Spybot - Search & Destroy <br/>Steam <br/>System Requirements Lab <br/>System Requirements Lab CYRI <br/>TeamSpeak 2 RC2 <br/>TrueCrypt <br/>UE3Redist <br/>Unity Web Player <br/>Update for 2007 Microsoft Office System (KB967642) <br/>USB 2.0 Card Reader <br/>VC80CRTRedist - 8.0.50727.6195 <br/>Ventrilo Client <br/>Ventrilo Server <br/>Veoh Web Player <br/>VLC media player 0.9.9 <br/>WebFldrs XP <br/>Windows Genuine Advantage Validation Tool (KB892130) <br/>Windows Live Call <br/>Windows Live Communications Platform <br/>Windows Live Essentials <br/>Windows Live Mail <br/>Windows Live Messenger <br/>Windows Live Sign-in Assistant <br/>Windows Live Upload Tool <br/>Windows Media Format 11 runtime <br/>Windows Media Player 11 <br/>Windows Presentation Foundation <br/>Windows XP Service Pack 3 <br/>WinRAR archiver <br/>XML Paper Specification Shared Components Pack 1.0 <br/>Yahoo! Toolbar <br/>YouTube Downloader 2.5.5 <br/>. <br/>==== Event Viewer Messages From Past Week ======== <br/>. <br/>11/9/2012 9:29:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} <br/>11/9/2012 9:28:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT oreans32 RasAcd Rdbss sptd Tcpip truecrypt <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:28:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>11/9/2012 9:27:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} <br/>11/9/2012 9:27:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/>11/9/2012 9:27:26 PM, error: sptd [4] - Driver detected an internal error in its data structures for . <br/>11/9/2012 7:27:51 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period. <br/>11/9/2012 2:44:00 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). <br/>11/9/2012 2:39:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'FileSystem_Steam.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. <br/>11/9/2012 10:55:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bd03d83b, parameter3 b13e25e4, parameter4 00000000. <br/>11/9/2012 10:13:37 AM, error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s). <br/>11/9/2012 10:13:34 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). <br/>11/8/2012 9:37:20 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). <br/>11/4/2012 10:07:56 AM, error: Service Control Manager [7034] - The vToolbarUpdater12.2.6 service terminated unexpectedly. It has done this 1 time(s). <br/>11/4/2012 10:07:54 AM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s). <br/>11/4/2012 10:07:53 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). <br/>11/4/2012 10:07:53 AM, error: Service Control Manager [7034] - The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s). <br/>11/4/2012 10:07:50 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/4/2012 10:05:05 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. <br/>11/3/2012 8:39:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/3/2012 4:12:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>11/3/2012 4:12:04 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s). <br/>. <br/>==== End Of File =========================== <br/> <br/> <br/> <br/> <br/>Logfile of Trend Micro HijackThis v2.0.4 <br/>Scan saved at 17:27:42, on 10/11/2012 <br/>Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\SMINST\Scheduler.exe <br/>C:\Program Files\btbb_wcm\McciTrayApp.exe <br/>C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe <br/>C:\PROGRA~1\AVG\AVG8\avgtray.exe <br/>C:\Program Files\Canon\MyPrinter\BJMyPrt.exe <br/>C:\Program Files\AVG Secure Search\vprot.exe <br/>C:\WINDOWS\system32\RunDLL32.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe <br/>C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe <br/>C:\PROGRA~1\Yahoo!\browser\ycommon.exe <br/>C:\Program Files\RayV\RayV\RayV.exe <br/>C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Motive\McciCMService.exe <br/>C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe <br/>C:\PROGRA~1\AVG\AVG8\avgrsx.exe <br/>C:\PROGRA~1\AVG\AVG8\avgnsx.exe <br/>C:\Program Files\PDF Complete\pdfsvc.exe <br/>C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe <br/>C:\Program Files\CyberLink\Shared files\RichVideo.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\PROGRA~1\AVG\AVG8\avgemc.exe <br/>C:\Program Files\AVG\AVG8\avgcsrvx.exe <br/>C:\WINDOWS\system32\taskmgr.exe <br/>C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>C:\WINDOWS\system32\msiexec.exe <br/>C:\Program Files\Java\jre7\bin\jqs.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Documents and Settings\Administrator\Desktop\HijackThis.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local <br/>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll <br/>R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) <br/>O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll <br/>O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll <br/>O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) <br/>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll <br/>O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll <br/>O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll <br/>O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) <br/>O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll <br/>O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll <br/>O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll <br/>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll <br/>O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing) <br/>O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll <br/>O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe <br/>O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe <br/>O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe <br/>O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe <br/>O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe <br/>O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe <br/>O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe <br/>O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe <br/>O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe <br/>O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" <br/>O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon <br/>O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon <br/>O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot <br/>O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime <br/>O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" <br/>O4 - HKLM\..\Run: [ISTray] "C:\KnowHow\sdscanner\pctsTray.exe" <br/>O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 <br/>O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login <br/>O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet <br/>O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 <br/>O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe <br/>O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun <br/>O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" <br/>O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background <br/>O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork <br/>O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet <br/>O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent <br/>O4 - HKUS\S-1-5-21-1276635300-2826307005-1031441524-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') <br/>O4 - HKUS\S-1-5-21-1276635300-2826307005-1031441524-1006\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet (User 'UpdatusUser') <br/>O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') <br/>O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') <br/>O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe <br/>O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe <br/>O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe <br/>O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll <br/>O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll <br/>O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll <br/>O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL <br/>O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com <br/>O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll <br/>O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll <br/>O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll <br/>O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) <br/>O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll <br/>O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll <br/>O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll <br/>O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe <br/>O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe <br/>O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe <br/>O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe <br/>O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe <br/>O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe <br/>O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe <br/>O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe <br/>O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe <br/>O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe <br/>O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE <br/> <br/>-- <br/>End of file - 14229 bytes
Posted 11/11/2012 8:52 PM
#94674
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Cool Trojan Bro :smile: <br/> <br/> <br/> <br/> <br/>[blue]"C:\Program Files\Steam\bin\FileSystem_Steam.dll"[/blue]. <<<--- Sounds like a false positive <br/> <br/> <br/>[blue] My system's also slower than usual. [/blue] <br/> <br/> <br/>Ok, We need to get a comprehensive report of what is present in your system. <br/> <br/> <br/> <br/>Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe <br/>• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. <br/>• Select All Users <br/>• Under the Custom Scan box paste this in: <br/> <br/>netsvcs <br/>activex <br/>msconfig <br/>%SYSTEMDRIVE%\*. <br/>%PROGRAMFILES%\*.exe <br/>%LOCALAPPDATA%\*.exe <br/>%windir%\Installer\*.* <br/>%windir%\system32\tasks\*.* <br/>%systemroot%\Fonts\*.exe <br/>%systemroot%\*. /mp /s <br/>/md5start <br/>consrv.dll <br/>explorer.exe <br/>winlogon.exe <br/>regedit.exe <br/>Userinit.exe <br/>svchost.exe <br/>MRESP50.SYS <br/>CBPSp50.sys <br/>/md5stop <br/>C:\Windows\assembly\tmp\U\*.* /s <br/>%Temp%\smtmp\1\*.* <br/>%Temp%\smtmp\2\*.* <br/>%Temp%\smtmp\3\*.* <br/>%Temp%\smtmp\4\*.* <br/>>C:\commands.txt echo list vol /raw /hide /c <br/>/wait <br/>>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c <br/>/wait <br/>type c:\diskreport.txt /c <br/>/wait <br/>erase c:\commands.txt /hide /c <br/>/wait <br/>erase c:\diskreport.txt /hide /c <br/>CREATERESTOREPOINT <br/> <br/> <br/> <br/>• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. <br/>• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. <br/> <br/>• Post both logs

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 9:27 AM
#94676
User avatar

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
Thanks for replying, here are the two logs from OTL. <br/> <br/> <br/>OTL logfile created on: 12/11/2012 09:10:51 - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop <br/>Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation <br/>Internet Explorer (Version = 6.0.2900.3264) <br/>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy <br/> <br/>3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.08% Memory free <br/>4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.01% Paging File free <br/>Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files <br/>Drive C: | 139.04 Gb Total Space | 50.14 Gb Free Space | 36.06% Space Free | Partition Type: NTFS <br/>Drive D: | 10.00 Gb Total Space | 2.53 Gb Free Space | 25.33% Space Free | Partition Type: NTFS <br/>Drive G: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.79% Space Free | Partition Type: FAT32 <br/> <br/>Computer Name: HP13888241712 | User Name: Administrator | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: Current user <br/>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2012/11/12 09:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe <br/>PRC - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe <br/>PRC - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe <br/>PRC - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe <br/>PRC - [2011/10/18 10:41:46 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe <br/>PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe <br/>PRC - [2010/10/11 21:45:44 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files\RayV\RayV\RayV.exe <br/>PRC - [2009/08/29 15:30:44 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe <br/>PRC - [2009/08/29 15:30:43 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe <br/>PRC - [2009/08/29 15:30:40 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe <br/>PRC - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe <br/>PRC - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe <br/>PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe <br/>PRC - [2009/01/08 13:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe <br/>PRC - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe <br/>PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe <br/>PRC - [2007/04/03 16:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE <br/>PRC - [2006/12/08 06:45:41 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe <br/>PRC - [2006/07/21 16:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe <br/>PRC - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe <br/>PRC - [2006/03/03 13:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe <br/>PRC - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe <br/> <br/> <br/>[color=#E56717]========== Modules (No Company Name) ==========[/color] <br/> <br/>MOD - [2012/11/09 09:59:32 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll <br/>MOD - [2012/11/09 09:59:31 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll <br/>MOD - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe <br/>MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll <br/>MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll <br/>MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll <br/>MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe <br/>MOD - [2010/10/11 21:45:38 | 001,680,915 | ---- | M] () -- C:\Program Files\RayV\RayV\avcodec-tiny3-52.dll <br/>MOD - [2010/10/11 21:45:38 | 000,102,931 | ---- | M] () -- C:\Program Files\RayV\RayV\avutil-tiny3-50.dll <br/>MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll <br/>MOD - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe <br/>MOD - [2006/02/23 16:13:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll <br/>MOD - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe <br/>MOD - [2006/02/02 16:59:32 | 000,057,344 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\AsstCatalog.dll <br/> <br/> <br/>[color=#E56717]========== Services (SafeList) ==========[/color] <br/> <br/>SRV - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) <br/>SRV - [2012/11/09 09:59:28 | 000,711,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) <br/>SRV - [2012/10/27 15:45:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) <br/>SRV - [2012/10/22 14:01:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist) <br/>SRV - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) <br/>SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) <br/>SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) <br/>SRV - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) <br/>SRV - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) <br/>SRV - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) <br/>SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) <br/>DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) <br/>DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) <br/>DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) <br/>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) <br/>DRV - File not found [Kernel | System | Stopped] -- -- (Changer) <br/>DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adpsr3oj) <br/>DRV - [2012/11/09 09:59:32 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) <br/>DRV - [2012/01/17 12:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) <br/>DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) <br/>DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) <br/>DRV - [2010/12/01 13:57:05 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) <br/>DRV - [2010/07/09 18:14:20 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) <br/>DRV - [2010/05/30 15:45:20 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) <br/>DRV - [2010/05/30 15:45:19 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) <br/>DRV - [2010/02/24 16:27:08 | 000,033,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) <br/>DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) <br/>DRV - [2009/08/29 15:30:44 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) <br/>DRV - [2009/08/29 15:30:44 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) <br/>DRV - [2009/05/09 10:04:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) <br/>DRV - [2008/06/04 14:05:58 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) <br/>DRV - [2007/11/06 17:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) <br/>DRV - [2007/07/30 12:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) <br/>DRV - [2007/07/30 12:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) <br/>DRV - [2007/06/29 22:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) <br/>DRV - [2006/12/08 06:45:41 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5) <br/>DRV - [2006/07/02 06:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) <br/>DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5) <br/>DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) <br/>DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) <br/>DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) <br/>DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) <br/>DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) <br/>DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) <br/>DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) <br/>DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) <br/>DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) <br/>DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) <br/>DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) <br/>DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) <br/>DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) <br/>DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) <br/>DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) <br/>DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>IE - HKLM\..\SearchScopes,DefaultScope = {D8C323FA-4384-4FBD-B702-56EC42EFE512} <br/>IE - HKLM\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb <br/> <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html <br/>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found <br/>IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) <br/>IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} <br/>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} <br/>IE - HKCU\..\SearchScopes\{52C44DD7-36D1-467A-AEBC-5492674D4CA4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 <br/>IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0B1AB77F-4989-40C6-860B-203F03D316A3}&mid=29f91fa93287ec5ac038cfcac4d6badc-50548208d82a7e4dce6fd3caa3c5e637daa1c79f&lang=us&ds=AVG&pr=fr&d=2012-01-03 17:13:08&v=12.2.5.32&sap=dsp&q={searchTerms} <br/>IE - HKCU\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb <br/>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search" <br/>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}" <br/>FF - prefs.js..browser.search.selectedEngine: "2Shared Customized Web Search" <br/>FF - prefs.js..browser.search.suggest.enabled: false <br/>FF - prefs.js..browser.startup.homepage: "bbc.co.uk" <br/>FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 <br/>FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6 <br/>FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 <br/>FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3.9 <br/>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 <br/>FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 <br/>FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 <br/>FF - prefs.js..network.proxy.http: "127.0.0.1" <br/>FF - prefs.js..network.proxy.http_port: 50370 <br/>FF - prefs.js..network.proxy.type: 4 <br/>FF - user.js - File not found <br/> <br/>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () <br/>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () <br/>FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) <br/>FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) <br/>FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍) <br/>FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( ) <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV) <br/>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found <br/>FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found <br/>FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) <br/>FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll File not found <br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 10:01:25 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/25 14:07:07 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 15:45:15 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 18:09:51 | 000,000,000 | ---D | M] <br/> <br/>[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions <br/>[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org <br/>[2012/11/03 17:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions <br/>[2012/05/03 11:29:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} <br/>[2009/11/11 22:10:06 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\firefox@tvunetworks.com <br/>[2012/09/13 06:56:33 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\testpilot@labs.mozilla.com.xpi <br/>[2012/11/03 17:18:31 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi <br/>[2012/07/25 16:18:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi <br/>[2010/10/12 18:00:58 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\searchplugins\conduit.xml <br/>[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions <br/>[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} <br/>[2012/03/25 14:07:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 <br/>[2012/10/27 15:45:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll <br/>[2012/11/09 10:00:05 | 000,003,572 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml <br/>[2012/08/30 07:23:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml <br/>[2012/10/12 17:10:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml <br/> <br/>[color=#E56717]========== Chrome ==========[/color] <br/> <br/>CHR - homepage: http://www.google.com <br/>CHR - default_search_provider: Google (Enabled) <br/>CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} <br/>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} <br/>CHR - homepage: http://www.google.com <br/>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer <br/>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll <br/>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll <br/>CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll <br/>CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll <br/>CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll <br/>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll <br/>CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll <br/>CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll <br/>CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll <br/>CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL <br/>CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll <br/>CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll <br/>CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll <br/>CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll <br/>CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll <br/>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll <br/>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll <br/>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll <br/>CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll <br/>CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll <br/>CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll <br/>CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll <br/>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll <br/>CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll <br/>CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll <br/>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll <br/>CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll <br/>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll <br/>CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll <br/>CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll <br/>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll <br/>CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ <br/>CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ <br/>CHR - Extension: AVG Secure Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ <br/>CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ <br/>CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ <br/> <br/>O1 HOSTS File: ([2011/04/05 11:46:54 | 000,424,767 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O1 - Hosts: 127.0.0.1 www.007guard.com <br/>O1 - Hosts: 127.0.0.1 007guard.com <br/>O1 - Hosts: 127.0.0.1 008i.com <br/>O1 - Hosts: 127.0.0.1 www.008k.com <br/>O1 - Hosts: 127.0.0.1 008k.com <br/>O1 - Hosts: 127.0.0.1 www.00hq.com <br/>O1 - Hosts: 127.0.0.1 00hq.com <br/>O1 - Hosts: 127.0.0.1 010402.com <br/>O1 - Hosts: 127.0.0.1 www.032439.com <br/>O1 - Hosts: 127.0.0.1 032439.com <br/>O1 - Hosts: 127.0.0.1 www.0scan.com <br/>O1 - Hosts: 127.0.0.1 0scan.com <br/>O1 - Hosts: 127.0.0.1 1000gratisproben.com <br/>O1 - Hosts: 127.0.0.1 www.1000gratisproben.com <br/>O1 - Hosts: 127.0.0.1 www.1001namen.com <br/>O1 - Hosts: 127.0.0.1 1001namen.com <br/>O1 - Hosts: 127.0.0.1 www.100888290cs.com <br/>O1 - Hosts: 127.0.0.1 100888290cs.com <br/>O1 - Hosts: 127.0.0.1 www.100sexlinks.com <br/>O1 - Hosts: 127.0.0.1 100sexlinks.com <br/>O1 - Hosts: 127.0.0.1 www.10sek.com <br/>O1 - Hosts: 127.0.0.1 10sek.com <br/>O1 - Hosts: 127.0.0.1 www.1-2005-search.com <br/>O1 - Hosts: 127.0.0.1 1-2005-search.com <br/>O1 - Hosts: 14640 more lines... <br/>O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) <br/>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) <br/>O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) <br/>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) <br/>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) <br/>O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. <br/>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. <br/>O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () <br/>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. <br/>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. <br/>O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation) <br/>O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.) <br/>O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll File not found <br/>O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () <br/>O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) <br/>O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) <br/>O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. <br/>O3 - HKCU\..\Toolbar\ShellBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) <br/>O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll File not found <br/>O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) <br/>O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) <br/>O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe File not found <br/>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) <br/>O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) <br/>O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.) <br/>O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) <br/>O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) <br/>O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () <br/>O4 - HKLM..\Run: [ISTray] "C:\KnowHow\sdscanner\pctsTray.exe" File not found <br/>O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) <br/>O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) <br/>O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () <br/>O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" File not found <br/>O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) <br/>O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () <br/>O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () <br/>O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () <br/>O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () <br/>O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () <br/>O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () <br/>O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) <br/>O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () <br/>O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.) <br/>O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork File not found <br/>O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) <br/>O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) <br/>O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) <br/>O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) <br/>O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" File not found <br/>O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe () <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.) <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 <br/>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 <br/>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 <br/>O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html () <br/>O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) <br/>O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) <br/>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.) <br/>O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) <br/>O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0C87BC-10EE-4EF6-89E3-EF5F48018F23}: DhcpNameServer = 192.168.1.254 <br/>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) <br/>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) <br/>O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () <br/>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) <br/>O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) <br/>O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) <br/>O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) <br/>O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37 - HKLM\...com [@ = ComFile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/> <br/>NetSvcs: 6to4 - File not found <br/>NetSvcs: Ias - File not found <br/>NetSvcs: Iprip - File not found <br/>NetSvcs: Irmon - File not found <br/>NetSvcs: NWCWorkstation - File not found <br/>NetSvcs: Nwsapagent - File not found <br/>NetSvcs: WmdmPmSp - File not found <br/> <br/>ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. <br/>ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error. <br/>ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM <br/>ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) <br/>ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error. <br/>ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow <br/>ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 <br/>ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error. <br/>ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation <br/>ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll <br/>ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. <br/>ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. <br/>ActiveX: {34C70B70-8FFF-4179-A2EB-0819FFA38126} - Reg Error: Value error. <br/>ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error. <br/>ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java <br/>ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack <br/>ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe <br/>ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework <br/>ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) <br/>ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring <br/>ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install <br/>ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT <br/>ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow <br/>ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX <br/>ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx <br/>ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help <br/>ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error. <br/>ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf <br/>ActiveX: {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} - Reg Error: Value error. <br/>ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes <br/>ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 <br/>ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser <br/>ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW <br/>ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools <br/>ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements <br/>ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player <br/>ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access <br/>ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework <br/>ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders <br/>ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe <br/>ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install <br/>ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error. <br/>ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding <br/>ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error. <br/>ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error. <br/>ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error. <br/>ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework <br/>ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework <br/>ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts <br/>ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework <br/>ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler <br/>ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 <br/>ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error. <br/>ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player <br/>ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help <br/>ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. <br/>ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface <br/>ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error. <br/>ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe <br/>ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP <br/>ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE <br/>ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP <br/>ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE <br/> <br/>MsConfig - Services: "PnkBstrA" <br/>MsConfig - Services: "vToolbarUpdater13.2.0" <br/>MsConfig - Services: "iPod Service" <br/>MsConfig - Services: "Bonjour Service" <br/>MsConfig - Services: "AVG Security Toolbar Service" <br/>MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) <br/>MsConfig - StartUpReg: BtcMouseMaestro - hkey= - key= - C:\Program Files\MMaestro\KMaestro.exe (BTC) <br/>MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) <br/>MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) <br/>MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) <br/>MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive) <br/>MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) <br/>MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) <br/>MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) <br/>MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe () <br/>MsConfig - State: "system.ini" - 0 <br/>MsConfig - State: "win.ini" - 0 <br/>MsConfig - State: "bootini" - 0 <br/>MsConfig - State: "services" - 2 <br/>MsConfig - State: "startup" - 2 <br/> <br/>CREATERESTOREPOINT <br/>Restore point Set: OTL Restore Point <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2012/11/12 09:09:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe <br/>[2012/11/12 09:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD 8 <br/>[2012/11/10 17:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java <br/>[2012/11/10 17:21:25 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe <br/>[2012/11/10 17:21:25 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl <br/>[2012/11/10 17:21:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe <br/>[2012/11/10 17:21:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe <br/>[2012/11/10 17:21:16 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll <br/>[2012/11/10 17:07:51 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Administrator\Desktop\jxpiinstall(2).exe <br/>[2012/11/10 17:03:32 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr <br/>[2012/11/10 13:50:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent <br/>[2012/11/10 12:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner <br/>[2012/11/10 12:27:18 | 004,011,968 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup324.exe <br/>[2012/11/10 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro <br/>[2012/11/10 12:12:25 | 000,000,000 | ---D | C] -- C:\rsit <br/>[2012/11/10 11:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups <br/>[2012/11/10 11:51:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe <br/>[2012/11/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Steam <br/>[2012/11/10 11:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam <br/>[2012/11/09 23:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam <br/>[2012/11/07 19:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes <br/>[2012/11/07 19:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod <br/>[2012/11/07 19:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 <br/>[2012/11/07 19:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update <br/>[2012/11/07 19:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer <br/>[2012/11/07 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour <br/>[2012/11/03 18:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun <br/>[2012/11/03 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun <br/>[2012/11/03 18:09:52 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll <br/>[2012/11/03 18:09:51 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll <br/>[2012/10/27 15:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox <br/>[2012/10/22 14:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BT Broadband Desktop Help <br/>[2012/10/22 14:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help <br/>[2012/10/22 14:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix <br/>[2012/10/22 14:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BTHomeHub <br/>[2012/10/22 14:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\BTHomeHub <br/>[2008/11/26 23:15:45 | 007,332,072 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.4.exe <br/>[2008/11/26 20:51:56 | 050,689,960 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_173a1373.exe <br/>[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2012/11/12 09:12:46 | 060,433,531 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm <br/>[2012/11/12 09:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe <br/>[2012/11/12 09:08:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job <br/>[2012/11/12 09:08:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job <br/>[2012/11/12 09:05:53 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\ce32849a.job <br/>[2012/11/12 09:05:53 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1276635300-2826307005-1031441524-500.job <br/>[2012/11/12 09:05:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat <br/>[2012/11/12 09:05:45 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys <br/>[2012/11/11 09:49:54 | 000,042,060 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\raKs9.jpg <br/>[2012/11/10 17:21:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll <br/>[2012/11/10 17:21:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll <br/>[2012/11/10 17:21:02 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe <br/>[2012/11/10 17:21:02 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe <br/>[2012/11/10 17:21:02 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe <br/>[2012/11/10 17:21:02 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl <br/>[2012/11/10 17:21:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll <br/>[2012/11/10 17:07:52 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Administrator\Desktop\jxpiinstall(2).exe <br/>[2012/11/10 17:03:32 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr <br/>[2012/11/10 13:55:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2012/11/10 12:46:33 | 000,000,293 | RHS- | M] () -- C:\boot.ini <br/>[2012/11/10 12:27:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk <br/>[2012/11/10 12:27:19 | 004,011,968 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup324.exe <br/>[2012/11/10 12:15:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe <br/>[2012/11/10 12:11:52 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe <br/>[2012/11/10 11:44:27 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk <br/>[2012/11/09 23:26:23 | 001,606,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SteamInstall.msi <br/>[2012/11/09 20:14:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk <br/>[2012/11/09 09:59:32 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys <br/>[2012/11/08 20:36:52 | 001,200,649 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\abstract-fractal-gears.jpg <br/>[2012/11/02 21:19:20 | 000,038,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LiveLeak-dot-com-9d93e9b8b90e-110620_meghan_mccain_ap_465.jpg <br/>[2012/11/02 14:42:15 | 000,098,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HjIWI.jpg <br/>[2012/10/30 23:25:55 | 000,222,135 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cSd0k.jpg <br/>[2012/10/30 22:55:23 | 000,353,918 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JcumG.png <br/>[2012/10/28 10:33:13 | 000,102,127 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wU1Zx.jpg <br/>[2012/10/28 10:11:28 | 000,502,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat <br/>[2012/10/28 10:11:28 | 000,087,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat <br/>[2012/10/27 11:48:19 | 000,485,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beJWq.jpg <br/>[2012/10/25 07:46:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1276635300-2826307005-1031441524-500.job <br/>[2012/10/22 14:04:14 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Desktop Help.lnk <br/>[2012/10/22 14:01:32 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT email & search.LNK <br/>[2012/10/22 14:01:32 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK <br/>[2012/10/22 13:48:46 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[2012/10/20 23:50:18 | 000,502,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ko9pj.jpg <br/>[2012/10/19 11:39:00 | 000,509,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LzuQu.gif <br/>[2012/10/18 15:30:58 | 000,699,708 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vaRRv.png <br/>[2012/10/17 12:25:13 | 000,075,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xRsr5.jpg <br/>[2012/10/16 18:34:58 | 000,767,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6R215.jpg <br/>[2012/10/15 10:04:03 | 000,058,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\710ZP.jpg <br/>[2012/10/15 10:03:51 | 000,225,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6mW9L.jpg <br/>[2012/10/14 11:34:26 | 000,089,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sZUSg.jpg <br/>[2012/10/13 17:44:56 | 000,191,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\J4dYo.jpg <br/>[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2012/11/11 09:49:52 | 000,042,060 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\raKs9.jpg <br/>[2012/11/10 12:27:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk <br/>[2012/11/10 12:11:51 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe <br/>[2012/11/10 11:44:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk <br/>[2012/11/09 23:26:22 | 001,606,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SteamInstall.msi <br/>[2012/11/09 22:53:47 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys <br/>[2012/11/09 21:23:48 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk <br/>[2012/11/08 20:36:51 | 001,200,649 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\abstract-fractal-gears.jpg <br/>[2012/11/02 21:19:20 | 000,038,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LiveLeak-dot-com-9d93e9b8b90e-110620_meghan_mccain_ap_465.jpg <br/>[2012/11/02 14:42:15 | 000,098,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HjIWI.jpg <br/>[2012/10/30 23:25:54 | 000,222,135 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cSd0k.jpg <br/>[2012/10/30 22:55:22 | 000,353,918 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JcumG.png <br/>[2012/10/28 10:33:12 | 000,102,127 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wU1Zx.jpg <br/>[2012/10/27 11:48:14 | 000,485,523 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beJWq.jpg <br/>[2012/10/22 14:04:14 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Desktop Help.lnk <br/>[2012/10/22 14:01:32 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT email & search.LNK <br/>[2012/10/22 14:01:32 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My BT.LNK <br/>[2012/10/20 23:50:17 | 000,502,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ko9pj.jpg <br/>[2012/10/19 11:38:58 | 000,509,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LzuQu.gif <br/>[2012/10/18 15:30:57 | 000,699,708 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vaRRv.png <br/>[2012/10/17 12:25:12 | 000,075,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xRsr5.jpg <br/>[2012/10/16 18:34:57 | 000,767,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6R215.jpg <br/>[2012/10/15 10:04:03 | 000,058,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\710ZP.jpg <br/>[2012/10/15 10:03:50 | 000,225,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6mW9L.jpg <br/>[2012/10/14 11:34:21 | 000,089,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sZUSg.jpg <br/>[2012/10/13 17:44:55 | 000,191,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\J4dYo.jpg <br/>[2012/10/13 17:05:46 | 000,199,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aaaaaaaaaa.png <br/>[2012/01/18 09:13:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin <br/>[2012/01/18 09:13:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin <br/>[2012/01/18 09:13:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin <br/>[2012/01/18 09:12:25 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data <br/>[2012/01/17 19:48:36 | 000,261,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat <br/>[2011/11/15 04:01:36 | 000,002,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ENGDEMO.2011-10.pl.nicolasgames_BF405A2F-B199-4DA6-895E-3ADBB640ACA6.swidtag <br/>[2011/10/15 13:25:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat <br/>[2011/09/28 09:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat <br/>[2011/07/11 10:46:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll <br/>[2011/02/17 07:58:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat <br/>[2010/12/26 18:13:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat <br/>[2010/04/01 21:03:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\test.ps <br/>[2010/02/27 18:01:23 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[2009/10/13 10:57:56 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Administrator.rar <br/>[2009/03/01 22:11:10 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys <br/>[2008/12/03 23:25:39 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2008/11/26 01:39:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shdocvw.dll -- [2007/12/01 00:25:54 | 001,498,112 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2007/12/01 00:25:36 | 000,472,064 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/>"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/12/01 00:26:08 | 000,273,920 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[color=#E56717]========== Custom Scans ==========[/color] <br/> <br/>[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] <br/>[2012/11/11 16:57:56 | 000,000,000 | -H-D | M] -- C:\$AVG8.VAULT$ <br/>[2010/06/01 02:10:08 | 000,000,000 | ---D | M] -- C:\057acc536f83d14fdcc3b2dc0e46 <br/>[2008/12/14 13:44:18 | 000,000,000 | RHSD | M] -- C:\cmdcons <br/>[2008/12/15 15:52:48 | 000,000,000 | ---D | M] -- C:\ComboFix <br/>[2008/11/26 01:47:29 | 000,000,000 | ---D | M] -- C:\Compaq <br/>[2012/11/10 17:21:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi <br/>[2009/11/08 23:50:47 | 000,000,000 | ---D | M] -- C:\CoView <br/>[2012/05/19 11:32:53 | 000,000,000 | ---D | M] -- C:\DirectX9 <br/>[2012/05/19 11:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings <br/>[2010/05/04 20:50:00 | 000,000,000 | ---D | M] -- C:\Downloads <br/>[2011/07/23 10:58:38 | 000,000,000 | ---D | M] -- C:\Fraps <br/>[2011/10/13 01:11:37 | 000,000,000 | ---D | M] -- C:\Games <br/>[2008/11/26 01:48:12 | 000,000,000 | -H-D | M] -- C:\hp <br/>[2008/11/26 01:32:26 | 000,000,000 | ---D | M] -- C:\i386 <br/>[2012/01/17 20:21:48 | 000,000,000 | ---D | M] -- C:\KnowHow <br/>[2008/11/30 16:11:21 | 000,000,000 | RH-D | M] -- C:\MSOCache <br/>[2012/05/19 11:08:47 | 000,000,000 | ---D | M] -- C:\NVIDIA <br/>[2012/11/10 17:09:51 | 000,000,000 | R--D | M] -- C:\Program Files <br/>[2008/12/15 15:52:46 | 000,000,000 | ---D | M] -- C:\Qoobox <br/>[2008/12/15 16:38:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER <br/>[2012/11/10 12:12:43 | 000,000,000 | ---D | M] -- C:\rsit <br/>[2011/09/28 13:17:54 | 000,000,000 | ---D | M] -- C:\Sierra <br/>[2011/11/26 20:45:19 | 000,000,000 | ---D | M] -- C:\StealthBastard <br/>[2011/07/16 13:51:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information <br/>[2008/11/26 08:47:35 | 000,000,000 | -H-D | M] -- C:\system.sav <br/>[2011/08/20 14:59:54 | 000,000,000 | ---D | M] -- C:\UDK <br/>[2012/11/10 17:51:14 | 000,000,000 | ---D | M] -- C:\WINDOWS <br/> <br/>[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] <br/>[2008/11/26 20:52:06 | 050,689,960 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_173a1373.exe <br/>[2008/11/26 23:16:01 | 007,332,072 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.4.exe <br/>Invalid Environment Variable: LOCALAPPDATA <br/> <br/>[color=#A23BEC]< %windir%\Installer\*.* >[/color] <br/>[2011/07/07 13:03:35 | 003,537,408 | ---- | M] () -- C:\WINDOWS\Installer\10b482.msi <br/>[2012/05/10 15:41:54 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\114abad.msp <br/>[2012/02/17 07:45:24 | 002,299,392 | R--- | M] () -- C:\WINDOWS\Installer\114abbd.msp <br/>[2012/04/28 20:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\114abcf.msp <br/>[2012/03/15 01:24:28 | 001,795,584 | R--- | M] () -- C:\WINDOWS\Installer\114abe1.msp <br/>[2012/04/04 21:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\114abf3.msp <br/>[2012/04/28 20:44:02 | 009,586,176 | R--- | M] () -- C:\WINDOWS\Installer\114ac06.msp <br/>[2012/04/28 20:44:02 | 009,101,824 | R--- | M] () -- C:\WINDOWS\Installer\114ac18.msp <br/>[2012/04/04 21:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\114ac2a.msp <br/>[2011/11/30 14:02:21 | 001,655,808 | ---- | M] () -- C:\WINDOWS\Installer\1177d0.msi <br/>[2010/10/23 15:29:53 | 000,058,880 | ---- | M] () -- C:\WINDOWS\Installer\1329229.msi <br/>[2010/10/23 15:30:00 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\1329234.msi <br/>[2010/10/23 15:30:10 | 000,149,504 | ---- | M] () -- C:\WINDOWS\Installer\1329241.msi <br/>[2010/10/23 15:30:24 | 000,027,136 | ---- | M] () -- C:\WINDOWS\Installer\132924e.msi <br/>[2010/10/23 15:30:45 | 000,429,056 | ---- | M] () -- C:\WINDOWS\Installer\1329278.msi <br/>[2010/10/23 15:31:19 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\1329281.msi <br/>[2010/10/23 15:31:31 | 000,735,744 | ---- | M] () -- C:\WINDOWS\Installer\13292b0.msi <br/>[2010/08/13 17:00:36 | 009,404,928 | R--- | M] () -- C:\WINDOWS\Installer\13bbb37.msp <br/>[2010/08/13 17:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\13bbb49.msp <br/>[2010/08/13 16:59:46 | 008,182,272 | R--- | M] () -- C:\WINDOWS\Installer\13bbb5b.msp <br/>[2010/08/13 17:01:28 | 008,993,280 | R--- | M] () -- C:\WINDOWS\Installer\13bbb6d.msp <br/>[2006/04/26 00:41:10 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\14804.msi <br/>[2010/02/21 00:03:34 | 004,472,832 | R--- | M] () -- C:\WINDOWS\Installer\16e059.msp <br/>[2010/03/22 15:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\16e06b.msp <br/>[2008/11/30 16:11:47 | 002,397,184 | ---- | M] () -- C:\WINDOWS\Installer\17ba8c.msi <br/>[2008/11/30 16:11:56 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\17ba92.msi <br/>[2008/11/30 16:12:02 | 001,713,152 | ---- | M] () -- C:\WINDOWS\Installer\17ba98.msi <br/>[2008/11/30 16:12:08 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\17ba9e.msi <br/>[2008/11/30 16:12:16 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\17baa4.msi <br/>[2008/11/30 16:12:21 | 000,048,128 | ---- | M] () -- C:\WINDOWS\Installer\17baad.msi <br/>[2008/11/30 16:12:31 | 000,513,024 | ---- | M] () -- C:\WINDOWS\Installer\17bab3.msi <br/>[2008/11/30 16:12:40 | 000,516,608 | ---- | M] () -- C:\WINDOWS\Installer\17baba.msi <br/>[2008/11/30 16:12:49 | 000,506,880 | ---- | M] () -- C:\WINDOWS\Installer\17bac1.msi <br/>[2008/11/30 16:12:54 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\17bac7.msi <br/>[2008/11/30 16:12:58 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\17bacd.msi <br/>[2008/11/30 16:13:59 | 009,613,312 | ---- | M] () -- C:\WINDOWS\Installer\17bad8.msi <br/>[2012/11/03 18:12:39 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1aebdf7.msi <br/>[2011/03/17 17:38:30 | 020,308,992 | R--- | M] () -- C:\WINDOWS\Installer\1c46276.msp <br/>[2011/11/13 18:44:14 | 000,751,616 | ---- | M] () -- C:\WINDOWS\Installer\1d71040.msi <br/>[2009/10/16 07:09:28 | 002,518,016 | R--- | M] () -- C:\WINDOWS\Installer\1edcfd5.msp <br/>[2010/09/02 17:56:09 | 020,303,872 | R--- | M] () -- C:\WINDOWS\Installer\1f5f216.msp <br/>[2009/03/05 11:06:04 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\204f0f.msi <br/>[2012/11/07 19:01:06 | 001,547,776 | ---- | M] () -- C:\WINDOWS\Installer\209f8d4.msi <br/>[2012/11/07 19:03:26 | 002,002,432 | ---- | M] () -- C:\WINDOWS\Installer\209f919.msi <br/>[2012/11/07 19:04:36 | 001,716,736 | ---- | M] () -- C:\WINDOWS\Installer\209f97c.msi <br/>[2012/11/07 19:06:05 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\209fa0a.msi <br/>[2012/11/07 19:10:55 | 004,736,000 | ---- | M] () -- C:\WINDOWS\Installer\20a0203.msi <br/>[2010/03/26 21:11:13 | 000,892,416 | ---- | M] () -- C:\WINDOWS\Installer\219686f.msi <br/>[2009/07/29 02:00:40 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\22985ce.msi <br/>[2011/01/06 00:42:03 | 020,304,384 | R--- | M] () -- C:\WINDOWS\Installer\2309be8.msp <br/>[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\2592df.msp <br/>[2012/09/14 08:08:12 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\25bcf8.msi <br/>[2009/02/01 19:48:19 | 000,683,008 | ---- | M] () -- C:\WINDOWS\Installer\2627b8.msi <br/>[2007/06/01 15:54:52 | 009,626,624 | R--- | M] () -- C:\WINDOWS\Installer\268a96b.msp <br/>[2008/04/18 14:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\268a97e.msp <br/>[2008/07/29 23:18:28 | 011,933,184 | R--- | M] () -- C:\WINDOWS\Installer\268a991.msp <br/>[2008/05/21 00:45:28 | 005,246,976 | R--- | M] () -- C:\WINDOWS\Installer\268a9a8.msp <br/>[2007/10/14 23:43:14 | 229,852,160 | R--- | M] () -- C:\WINDOWS\Installer\268aa29.msp <br/>[2007/10/14 23:43:32 | 021,981,184 | R--- | M] () -- C:\WINDOWS\Installer\268aa31.msp <br/>[2007/10/14 23:43:46 | 005,749,760 | R--- | M] () -- C:\WINDOWS\Installer\268aa51.msp <br/>[2007/10/14 23:43:38 | 012,743,168 | R--- | M] () -- C:\WINDOWS\Installer\268aa63.msp <br/>[2007/10/14 23:46:48 | 000,324,608 | R--- | M] () -- C:\WINDOWS\Installer\268aa75.msp <br/>[2007/10/14 23:44:28 | 000,324,608 | R--- | M] () -- C:\WINDOWS\Installer\268aa7c.msp <br/>[2008/04/11 18:48:24 | 006,774,272 | R--- | M] () -- C:\WINDOWS\Installer\268aa90.msp <br/>[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\WINDOWS\Installer\268aaa2.msp <br/>[2008/07/29 23:20:14 | 011,767,296 | R--- | M] () -- C:\WINDOWS\Installer\268aab4.msp <br/>[2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\268aac6.msp <br/>[2008/04/11 18:07:02 | 013,257,728 | R--- | M] () -- C:\WINDOWS\Installer\268aada.msp <br/>[2008/08/11 11:51:14 | 015,916,544 | R--- | M] () -- C:\WINDOWS\Installer\268aaec.msp <br/>[2008/02/15 08:54:20 | 009,736,192 | R--- | M] () -- C:\WINDOWS\Installer\268aafd.msp <br/>[2009/10/16 06:08:48 | 002,237,952 | R--- | M] () -- C:\WINDOWS\Installer\284aaf9.msp <br/>[2009/12/23 03:00:42 | 000,049,664 | ---- | M] () -- C:\WINDOWS\Installer\28a2bbe.msi <br/>[2009/12/23 03:00:43 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\28a2bc5.msp <br/>[2010/09/30 02:00:29 | 020,303,872 | R--- | M] () -- C:\WINDOWS\Installer\2966893.msp <br/>[2010/05/31 00:13:45 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\29e9aa4.msi <br/>[2010/06/01 13:02:00 | 000,035,840 | ---- | M] () -- C:\WINDOWS\Installer\2aba6f.msi <br/>[2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\WINDOWS\Installer\2c0a3ef.msp <br/>[2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\WINDOWS\Installer\2c0a406.msp <br/>[2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\WINDOWS\Installer\2c0a51d.msp <br/>[2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\WINDOWS\Installer\2c0a529.msp <br/>[2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\WINDOWS\Installer\2c0a534.msp <br/>[2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\WINDOWS\Installer\2c0a53d.msp <br/>[2010/06/01 02:07:08 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\2d36a6b.msi <br/>[2008/07/30 00:31:05 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\2d36a6c.msp <br/>[2008/07/30 00:37:10 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\2d36a6d.msp <br/>[2008/07/30 00:33:06 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\2d36a6e.msp <br/>[2008/07/30 00:43:20 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\2d36a6f.msp <br/>[2008/07/30 00:35:08 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\2d36a70.msp <br/>[2008/07/30 00:39:12 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\2d36a71.msp <br/>[2008/07/30 00:41:15 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\2d36a72.msp <br/>[2008/07/30 00:29:02 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\2d36a73.msp <br/>[2008/07/30 00:45:26 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\2d36a74.msp <br/>[2010/06/01 02:11:14 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\2d91ea0.msi <br/>[2008/07/30 04:07:18 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea1.msp <br/>[2008/07/30 02:18:47 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea2.msp <br/>[2008/07/30 03:22:41 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea3.msp <br/>[2008/07/30 02:34:27 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea4.msp <br/>[2008/07/30 04:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea5.msp <br/>[2008/07/30 02:40:37 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea6.msp <br/>[2008/07/30 03:37:55 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea7.msp <br/>[2008/07/30 04:28:09 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea8.msp <br/>[2008/07/30 02:26:24 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\2d91ea9.msp <br/>[2008/07/30 04:23:11 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\2d91eaa.msp <br/>[2010/06/01 02:12:28 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\2daa4eb.msi <br/>[2011/11/29 01:10:55 | 000,178,176 | ---- | M] () -- C:\WINDOWS\Installer\2e1a7a4.msi <br/>[2008/11/26 20:53:20 | 000,337,408 | ---- | M] () -- C:\WINDOWS\Installer\2e867b.msi <br/>[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\WINDOWS\Installer\2ebe696.msp <br/>[2010/06/04 02:00:30 | 020,242,432 | R--- | M] () -- C:\WINDOWS\Installer\2ec6f64.msp <br/>[2010/05/31 01:45:24 | 071,266,304 | ---- | M] () -- C:\WINDOWS\Installer\2f1dab5.msi <br/>[2009/05/16 01:29:06 | 000,846,336 | ---- | M] () -- C:\WINDOWS\Installer\3004a09.msi <br/>[2009/05/16 01:29:38 | 000,824,832 | ---- | M] () -- C:\WINDOWS\Installer\3004a59.msi <br/>[2012/07/18 14:53:36 | 010,937,344 | R--- | M] () -- C:\WINDOWS\Installer\30bacdd.msp <br/>[2012/07/18 14:46:48 | 000,593,408 | R--- | M] () -- C:\WINDOWS\Installer\30bacef.msp <br/>[2012/07/25 15:59:06 | 011,032,064 | R--- | M] () -- C:\WINDOWS\Installer\30bad01.msp <br/>[2012/06/26 17:03:12 | 003,875,840 | R--- | M] () -- C:\WINDOWS\Installer\30bad13.msp <br/>[2012/07/18 14:54:24 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\312ec26.msp <br/>[2012/07/25 15:57:08 | 002,532,864 | R--- | M] () -- C:\WINDOWS\Installer\312ec38.msp <br/>[2012/07/18 14:55:46 | 009,585,664 | R--- | M] () -- C:\WINDOWS\Installer\312ec4b.msp <br/>[2012/10/22 14:01:37 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\3175b3.msi <br/>[2010/05/18 11:55:39 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\318a5.msi <br/>[2010/05/18 11:59:42 | 001,299,456 | ---- | M] () -- C:\WINDOWS\Installer\318ab.msi <br/>[2011/03/27 12:39:12 | 000,092,672 | ---- | M] () -- C:\WINDOWS\Installer\31c78e.msi <br/>[2011/03/27 12:39:42 | 000,018,944 | ---- | M] () -- C:\WINDOWS\Installer\31c799.msi <br/>[2012/04/04 21:37:40 | 002,540,544 | R--- | M] () -- C:\WINDOWS\Installer\330cf45.msp <br/>[2012/06/19 11:54:40 | 002,239,488 | R--- | M] () -- C:\WINDOWS\Installer\330cf57.msp <br/>[2010/04/24 16:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\3644a3a.msp <br/>[2010/04/24 16:07:04 | 010,118,144 | R--- | M] () -- C:\WINDOWS\Installer\3644a4d.msp <br/>[2010/04/24 16:07:58 | 004,667,392 | R--- | M] () -- C:\WINDOWS\Installer\3644a5f.msp <br/>[2010/03/24 17:54:54 | 002,516,992 | R--- | M] () -- C:\WINDOWS\Installer\3644a71.msp <br/>[2010/04/24 16:08:48 | 009,129,984 | R--- | M] () -- C:\WINDOWS\Installer\3644a83.msp <br/>[2010/04/24 16:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\3644a95.msp <br/>[2009/08/18 12:08:34 | 001,373,696 | R--- | M] () -- C:\WINDOWS\Installer\368c795.msp <br/>[2009/07/27 03:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\368c7a8.msp <br/>[2009/08/05 06:49:32 | 003,457,024 | R--- | M] () -- C:\WINDOWS\Installer\368c7bd.msp <br/>[2011/10/14 02:00:27 | 020,333,568 | R--- | M] () -- C:\WINDOWS\Installer\3716445.msp <br/>[2008/10/20 10:18:14 | 006,474,240 | R--- | M] () -- C:\WINDOWS\Installer\3767b7.msp <br/>[2008/10/20 10:16:58 | 013,211,648 | R--- | M] () -- C:\WINDOWS\Installer\3767ca.msp <br/>[2008/10/20 10:21:40 | 011,937,280 | R--- | M] () -- C:\WINDOWS\Installer\3767dc.msp <br/>[2008/10/20 10:22:54 | 011,758,592 | R--- | M] () -- C:\WINDOWS\Installer\3767ee.msp <br/>[2012/11/10 17:21:00 | 000,873,984 | ---- | M] () -- C:\WINDOWS\Installer\3935b.msi <br/>[2012/11/10 17:21:35 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Installer\39361.msi <br/>[2010/07/10 19:06:20 | 010,120,192 | R--- | M] () -- C:\WINDOWS\Installer\39896c8.msp <br/>[2010/07/10 19:14:14 | 002,850,816 | R--- | M] () -- C:\WINDOWS\Installer\39896da.msp <br/>[2010/08/04 14:13:04 | 000,686,080 | R--- | M] () -- C:\WINDOWS\Installer\3ac5b72.msp <br/>[2010/11/20 22:33:46 | 001,980,928 | R--- | M] () -- C:\WINDOWS\Installer\3d80ba6.msp <br/>[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\3d80bb8.msp <br/>[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\3d80bca.msp <br/>[2011/04/29 11:27:04 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\3d80bdd.msp <br/>[2011/08/10 16:42:04 | 007,070,208 | R--- | M] () -- C:\WINDOWS\Installer\3d80bef.msp <br/>[2011/10/04 02:02:31 | 020,333,056 | R--- | M] () -- C:\WINDOWS\Installer\3d80bfb.msp <br/>[2011/09/06 20:46:22 | 009,006,080 | R--- | M] () -- C:\WINDOWS\Installer\3d80c0c.msp <br/>[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\3d80c1e.msp <br/>[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\3d80c30.msp <br/>[2008/11/26 01:39:22 | 003,444,224 | ---- | M] () -- C:\WINDOWS\Installer\3dd66.msi <br/>[2009/08/18 12:57:54 | 009,122,304 | R--- | M] () -- C:\WINDOWS\Installer\3f454.msp <br/>[2009/08/18 12:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\3f466.msp <br/>[2012/01/03 20:53:53 | 001,527,808 | ---- | M] () -- C:\WINDOWS\Installer\41378.msi <br/>[2012/01/03 20:54:18 | 001,252,864 | ---- | M] () -- C:\WINDOWS\Installer\4138e.msi <br/>[2008/12/16 17:50:33 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\4174e30.msi <br/>[2012/03/25 14:05:56 | 000,178,688 | ---- | M] () -- C:\WINDOWS\Installer\458f2.msi <br/>[2008/11/26 01:39:50 | 019,210,240 | R--- | M] () -- C:\WINDOWS\Installer\491d7.msp <br/>[2011/11/14 08:52:18 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\4a25c.msi <br/>[2009/04/24 11:29:02 | 009,013,760 | R--- | M] () -- C:\WINDOWS\Installer\4dc59d.msp <br/>[2009/05/26 17:53:56 | 000,579,072 | R--- | M] () -- C:\WINDOWS\Installer\4dc5af.msp <br/>[2009/04/24 11:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\4dc5c3.msp <br/>[2009/05/04 06:47:22 | 009,124,864 | R--- | M] () -- C:\WINDOWS\Installer\4dc5d6.msp <br/>[2009/05/04 06:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\4dc5e9.msp <br/>[2011/09/15 17:37:28 | 016,691,712 | R--- | M] () -- C:\WINDOWS\Installer\4f274.msp <br/>[2011/09/15 17:37:52 | 034,428,416 | R--- | M] () -- C:\WINDOWS\Installer\4f288.msp <br/>[2011/09/15 17:34:54 | 428,804,608 | R--- | M] () -- C:\WINDOWS\Installer\4f3bc.msp <br/>[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\54e2a7.msp <br/>[2011/11/11 16:15:00 | 001,795,584 | R--- | M] () -- C:\WINDOWS\Installer\54e2b9.msp <br/>[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\54e2cb.msp <br/>[2011/11/11 16:14:40 | 009,096,192 | R--- | M] () -- C:\WINDOWS\Installer\54e2dd.msp <br/>[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\WINDOWS\Installer\54e2ef.msp <br/>[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\WINDOWS\Installer\54e303.msp <br/>[2009/02/25 18:08:18 | 008,311,808 | R--- | M] () -- C:\WINDOWS\Installer\558bc7.msp <br/>[2011/10/05 08:47:54 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\55a429.msi <br/>[2009/12/23 16:13:26 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\55fe92d.msi <br/>[2009/05/09 11:34:51 | 000,096,256 | ---- | M] () -- C:\WINDOWS\Installer\560c26.msi <br/>[2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\WINDOWS\Installer\5b1831.msp <br/>[2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\5b1843.msp <br/>[2011/09/15 17:38:04 | 010,838,528 | R--- | M] () -- C:\WINDOWS\Installer\62a57.msp <br/>[2011/09/15 17:39:22 | 011,163,136 | R--- | M] () -- C:\WINDOWS\Installer\62a63.msp <br/>[2011/09/15 17:40:36 | 007,959,552 | R--- | M] () -- C:\WINDOWS\Installer\62a6d.msp <br/>[2009/02/01 13:16:30 | 000,367,104 | ---- | M] () -- C:\WINDOWS\Installer\6a7cd0.msi <br/>[2010/05/30 14:03:01 | 000,030,208 | ---- | M] () -- C:\WINDOWS\Installer\6f771d.msi <br/>[2010/06/24 22:49:03 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\71ba7ce.msi <br/>[2011/11/01 12:34:26 | 001,169,920 | R--- | M] () -- C:\WINDOWS\Installer\74fa3a.msp <br/>[2012/03/23 13:59:02 | 007,899,648 | R--- | M] () -- C:\WINDOWS\Installer\74fa4c.msp <br/>[2009/11/23 09:42:18 | 000,107,008 | ---- | M] () -- C:\WINDOWS\Installer\7b479b.msi <br/>[2009/11/23 09:42:47 | 000,202,752 | ---- | M] () -- C:\WINDOWS\Installer\7b47b3.msi <br/>[2009/11/23 09:43:02 | 000,155,648 | ---- | M] () -- C:\WINDOWS\Installer\7b47ce.msi <br/>[2008/12/03 19:27:46 | 006,318,592 | ---- | M] () -- C:\WINDOWS\Installer\82e92.msi <br/>[2010/02/21 01:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\8733a22.msp <br/>[2010/02/04 17:24:30 | 009,122,304 | R--- | M] () -- C:\WINDOWS\Installer\8733a34.msp <br/>[2009/11/20 23:46:06 | 011,524,608 | R--- | M] () -- C:\WINDOWS\Installer\8733a46.msp <br/>[2009/01/29 12:59:31 | 000,867,840 | ---- | M] () -- C:\WINDOWS\Installer\948a7f.msi <br/>[2009/01/29 13:00:35 | 001,142,784 | ---- | M] () -- C:\WINDOWS\Installer\948a8b.msi <br/>[2008/12/15 17:39:27 | 009,685,504 | ---- | M] () -- C:\WINDOWS\Installer\9ecd99.msi <br/>[2012/11/10 11:44:23 | 001,065,984 | ---- | M] () -- C:\WINDOWS\Installer\a03560.msi <br/>[2012/05/07 13:17:37 | 000,926,720 | ---- | M] () -- C:\WINDOWS\Installer\a529b2.msi <br/>[2011/11/27 12:02:59 | 000,160,768 | ---- | M] () -- C:\WINDOWS\Installer\a663fa.msi <br/>[2011/11/13 13:16:44 | 001,160,192 | ---- | M] () -- C:\WINDOWS\Installer\a9300f.msi <br/>[2011/11/13 13:20:12 | 000,492,544 | ---- | M] () -- C:\WINDOWS\Installer\a93016.msi <br/>[2010/04/02 14:42:01 | 009,472,000 | ---- | M] () -- C:\WINDOWS\Installer\af4064.msi <br/>[2010/01/21 03:00:23 | 015,710,720 | R--- | M] () -- C:\WINDOWS\Installer\b3ec44.msp <br/>[2012/05/19 11:11:50 | 001,553,408 | ---- | M] () -- C:\WINDOWS\Installer\bad62.msi <br/>[2009/04/24 11:28:00 | 004,450,816 | R--- | M] () -- C:\WINDOWS\Installer\ceb6a6.msp <br/>[2012/02/25 10:17:22 | 020,333,056 | R--- | M] () -- C:\WINDOWS\Installer\d2620.msp <br/>[2009/11/04 06:28:56 | 000,216,576 | ---- | M] () -- C:\WINDOWS\Installer\d523c88.msi <br/>[2009/11/04 06:31:21 | 000,027,648 | ---- | M] () -- C:\WINDOWS\Installer\d523ca6.msi <br/>[2009/02/25 18:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\d8e66e.msp <br/>[2009/02/25 18:05:14 | 011,840,000 | R--- | M] () -- C:\WINDOWS\Installer\d8e680.msp <br/>[2012/01/06 13:33:42 | 001,636,352 | ---- | M] () -- C:\WINDOWS\Installer\f55dd.msi <br/>[2011/11/13 13:16:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi <br/>[2010/06/01 02:11:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi <br/>[2009/10/15 02:58:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}.SchedServiceConfig.rmi <br/>[2010/04/02 14:39:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{B5C3B892-0849-476C-9F46-B12F84819D57}.SchedServiceConfig.rmi <br/>[2012/11/07 19:04:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}.SchedServiceConfig.rmi <br/> <br/>[color=#A23BEC]< %windir%\system32\tasks\*.* >[/color] <br/> <br/>[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color] <br/> <br/>[color=#A23BEC]< %systemroot%\*. /mp /s >[/color] <br/> <br/>[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] <br/>[2004/08/04 07:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe <br/>[2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\explorer.exe <br/>[2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe <br/> <br/>[color=#A23BEC]< MD5 for: MRESP50.SYS >[/color] <br/>[2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=07C02C892E8E1A72D6BF35004F0E9C5E -- C:\Program Files\Common Files\Motive\MRESP50.sys <br/> <br/>[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] <br/>[2007/12/01 00:26:46 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=6A05DE27DCBD8256845782943BEBC572 -- C:\WINDOWS\regedit.exe <br/>[2007/12/01 00:26:46 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=6A05DE27DCBD8256845782943BEBC572 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe <br/>[2006/02/28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\i386\REGEDIT.EXE <br/>[2006/02/28 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe <br/> <br/>[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] <br/>[2007/12/01 00:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe <br/>[2007/12/01 00:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\system32\svchost.exe <br/>[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe <br/>[2004/08/04 07:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe <br/> <br/>[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] <br/>[2004/08/04 07:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe <br/>[2007/12/01 00:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe <br/>[2007/12/01 00:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\system32\userinit.exe <br/> <br/>[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] <br/>[2004/08/04 07:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe <br/>[2007/12/01 00:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe <br/>[2007/12/01 00:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\system32\winlogon.exe <br/>[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe <br/> <br/>[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] <br/> <br/>[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] <br/> <br/>[color=#A23BEC]< type c:\diskreport.txt /c >[/color] <br/>Microsoft DiskPart version 5.1.3565 <br/>Copyright (C) 1999-2003 Microsoft Corporation. <br/>On computer: HP13888241712 <br/> Volume ### Ltr Label Fs Type Size Status Info <br/> ---------- --- ----------- ----- ---------- ------- --------- -------- <br/> Volume 0 E DVD-ROM 0 B <br/> Volume 1 F DVD-ROM 0 B <br/> Volume 2 C NTFS Partition 139 GB Healthy System <br/> Volume 3 D HP_RECOVERY NTFS Partition 10 GB Healthy <br/> Volume 4 G 01256816966 FAT32 Removeable 3820 MB <br/> <br/>[color=#E56717]========== Alternate Data Streams ==========[/color] <br/> <br/>@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2 <br/> <br/>< End of report > <br/> <br/> <br/>OTL Extras logfile created on: 12/11/2012 09:10:51 - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop <br/>Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation <br/>Internet Explorer (Version = 6.0.2900.3264) <br/>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy <br/> <br/>3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.08% Memory free <br/>4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.01% Paging File free <br/>Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files <br/>Drive C: | 139.04 Gb Total Space | 50.14 Gb Free Space | 36.06% Space Free | Partition Type: NTFS <br/>Drive D: | 10.00 Gb Total Space | 2.53 Gb Free Space | 25.33% Space Free | Partition Type: NTFS <br/>Drive G: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.79% Space Free | Partition Type: FAT32 <br/> <br/>Computer Name: HP13888241712 | User Name: Administrator | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: Current user <br/>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.) <br/>.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] <br/>.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* <br/>exefile [open] -- "%1" %* <br/>htmlfile [edit] -- Reg Error: Key error. <br/>InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. <br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () <br/>Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) <br/>Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"FirstRunDisabled" = 1 <br/>"AntiVirusDisableNotify" = 0 <br/>"FirewallDisableNotify" = 0 <br/>"UpdatesDisableNotify" = 0 <br/>"AntiVirusOverride" = 0 <br/>"FirewallOverride" = 0 <br/>"UacDisableNotify" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] <br/> <br/>[color=#E56717]========== System Restore Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] <br/>"DisableSR" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] <br/>"Start" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] <br/>"Start" = 2 <br/> <br/>[color=#E56717]========== Firewall Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/>"DoNotAllowExceptions" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] <br/>"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 <br/>"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 <br/>"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"EnableFirewall" = 1 <br/>"DoNotAllowExceptions" = 0 <br/>"DisableNotifications" = 0 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] <br/>"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 <br/>"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 <br/>"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 <br/>"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher <br/>"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher <br/>"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher <br/>"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher <br/>"43795:TCP" = 43795:TCP:*:Enabled:utorrent <br/>"20919:TCP" = 20919:TCP:*:Enabled:BitComet 20919 TCP <br/>"20919:UDP" = 20919:UDP:*:Enabled:BitComet 20919 UDP <br/>"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service <br/>"25565:TCP" = 25565:TCP:*:Enabled:Minecraft Multiplayer <br/>"27015:TCP" = 27015:TCP:*:Enabled:Steam <br/>"27014:TCP" = 27014:TCP:*:Enabled:Steam Client <br/>"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 <br/>"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 <br/>"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 <br/>"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 <br/> <br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] <br/>"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) <br/>"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] <br/>"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) <br/>"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- () <br/>"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) <br/>"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- () <br/>"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.) <br/>"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) <br/>"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) <br/>"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) <br/>"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility <br/>"C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k <br/>"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade <br/>"C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - c3abbc60\Launcher.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - c3abbc60\Launcher.exe:*:Enabled:Blizzard Launcher <br/>"C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" = C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2 <br/>"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- () <br/>"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- () <br/>"C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - 0ec68050\Launcher.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\Blizzard Launcher Temporary - 0ec68050\Launcher.exe:*:Enabled:Blizzard Launcher <br/>"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () <br/>"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () <br/>"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) <br/>"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS) <br/>"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III <br/>"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher <br/>"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) <br/>"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) <br/>"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () <br/>"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS) <br/>"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English-avi-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Documents and Settings\Administrator\Desktop\WoW-Intro-enGB-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WoW-Intro-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player <br/>"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby <br/>"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client <br/>"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary <br/>"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) <br/>"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation) <br/>"C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe" = C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™ <br/>"C:\Documents and Settings\Administrator\My Documents\Downloads\SC2-battlereport-4_PEGI-downloader.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\SC2-battlereport-4_PEGI-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) <br/>"C:\Documents and Settings\Administrator\My Documents\Downloads\Terran_Demo_English_EU.avi-downloader.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Terran_Demo_English_EU.avi-downloader.exe:*:Enabled:Blizzard Downloader <br/>"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever <br/>"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe <br/>"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher <br/>"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary <br/>"C:\Program Files\Bumblebee Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe" = C:\Program Files\Bumblebee Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe:*:Enabled:BloodlineChampionsLoader <br/>"C:\UDK\The Ball UDK Demo\Binaries\Win32\UDK.exe" = C:\UDK\The Ball UDK Demo\Binaries\Win32\UDK.exe:*:Enabled:UDK <br/>"C:\Program Files\Steam\steamapps\etherloper\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\etherloper\team fortress 2\hl2.exe:*:Enabled:hl2 <br/>"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation) <br/>"C:\Program Files\id Software\Quake 4 Multiplayer Demo\Quake4.exe" = C:\Program Files\id Software\Quake 4 Multiplayer Demo\Quake4.exe:*:Enabled:Quake 4 <br/>"C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger <br/>"C:\Program Files\AoE2\empires2.exe" = C:\Program Files\AoE2\empires2.exe:*:Enabled:Age of Empires II <br/>"C:\Program Files\AoE2\age2_x1\age2_x1.exe" = C:\Program Files\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion <br/>"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV) <br/>"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV) <br/>"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm <br/>"C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Enabled:GomTVStreamerLive.exe -- () <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) <br/>"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java(TM) Web Start Launcher <br/>"C:\Documents and Settings\Administrator\Application Data\RayV\Viewer\RayV.dll" = C:\Documents and Settings\Administrator\Application Data\RayV\Viewer\RayV.dll:*:Enabled:RayV <br/>"C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe" = C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks <br/>"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager <br/>"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA <br/>"C:\UDK\Fps Terminator\Binaries\Win32\UDK.exe" = C:\UDK\Fps Terminator\Binaries\Win32\UDK.exe:*:Enabled:UDK -- (Epic Games, Inc.) <br/>"C:\Documents and Settings\Administrator\Desktop\Gang Garrison 2\Gang Garrison 2.exe" = C:\Documents and Settings\Administrator\Desktop\Gang Garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2 <br/>"C:\Program Files\Steam\steamapps\common\hacker evolution untold - demo\Hacker Evolution Untold.exe" = C:\Program Files\Steam\steamapps\common\hacker evolution untold - demo\Hacker Evolution Untold.exe:*:Enabled:Hacker Evolution: Untold - Demo <br/>"C:\Program Files\Steam\steamapps\common\wasteland angel - demo\bin\x86\dx9\Angel.exe" = C:\Program Files\Steam\steamapps\common\wasteland angel - demo\bin\x86\dx9\Angel.exe:*:Enabled:Wasteland Angel - Demo <br/>"C:\Games\World_of_Tanks\WorldOfTanks.exe" = C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks <br/>"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) <br/>"C:\Program Files\Steam\steamapps\common\the ball demo\Binaries\Win32\TheBall.exe" = C:\Program Files\Steam\steamapps\common\the ball demo\Binaries\Win32\TheBall.exe:*:Enabled:The Ball Demo <br/>"C:\Program Files\Steam\steamapps\common\dungeon defenders demo\Binaries\Win32\DunDefGame.exe" = C:\Program Files\Steam\steamapps\common\dungeon defenders demo\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame <br/>"C:\Program Files\Steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe" = C:\Program Files\Steam\steamapps\common\dungeons the dark lord demo\dungeons-server.exe:*:Enabled:Dungeons - The Dark Lord Demo Server <br/>"C:\Program Files\Steam\steamapps\common\defcon\defcon.exe" = C:\Program Files\Steam\steamapps\common\defcon\defcon.exe:*:Enabled:Defcon <br/>"C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe:*:Enabled:Oddworld: Abe's Oddysee Demo <br/>"C:\Program Files\Hi-Rez Studios\games\tribes alpha\Binaries\Win32\TribesAscend.exe" = C:\Program Files\Hi-Rez Studios\games\tribes alpha\Binaries\Win32\TribesAscend.exe:*:Enabled:TribesAscend <br/>"C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe" = C:\Program Files\Steam\steamapps\common\hoard\win32\Reuben.exe:*:Enabled:HOARD - Demo <br/>"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) <br/>"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) <br/>"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) <br/>"C:\Program Files\Steam\steamapps\common\the void\bin\win32\Game.exe" = C:\Program Files\Steam\steamapps\common\the void\bin\win32\Game.exe:*:Enabled:The Void <br/>"C:\Program Files\Steam\steamapps\common\the void\bin\win32\Config.exe" = C:\Program Files\Steam\steamapps\common\the void\bin\win32\Config.exe:*:Enabled:The Void <br/>"C:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe" = C:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe:*:Enabled:FTL: Faster Than Light <br/>"C:\Program Files\Steam\steamapps\common\bastion\Bastion.exe" = C:\Program Files\Steam\steamapps\common\bastion\Bastion.exe:*:Enabled:Bastion <br/>"C:\Program Files\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock <br/>"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) <br/>"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) <br/>"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) <br/>"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) <br/> <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam <br/>"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable <br/>"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended <br/>"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes <br/>"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series <br/>"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter <br/>"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 <br/>"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5 <br/>"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server <br/>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool <br/>"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT <br/>"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 <br/>"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime <br/>"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 <br/>"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 <br/>"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 <br/>"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform <br/>"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP <br/>"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 <br/>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile <br/>"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager <br/>"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker <br/>"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 <br/>"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.40 <br/>"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials <br/>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater <br/>"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE <br/>"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support <br/>"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail <br/>"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist <br/>"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable <br/>"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 <br/>"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime <br/>"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client <br/>"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update <br/>"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour <br/>"{79A2AB22-00D8-4F09-A00A-F1CB7DB3E916}_is1" = Penumbra <br/>"{7B63B2922B174135AFC0E1377DD81EC2}" = <br/>"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update <br/>"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 <br/>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 <br/>"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 <br/>"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 <br/>"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 <br/>"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 <br/>"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 <br/>"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In <br/>"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 <br/>"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 <br/>"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant <br/>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 <br/>"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab <br/>"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI <br/>"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR <br/>"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 <br/>"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support <br/>"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 <br/>"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 <br/>"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0 <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application <br/>"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components <br/>"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy <br/>"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin <br/>"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 <br/>"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger <br/>"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call <br/>"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation <br/>"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo <br/>"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 <br/>"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver <br/>"{C59E50F4-0AE2-4742-8059-9EF67E379AFB}" = RayViewer 1.08 <br/>"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3 <br/>"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 <br/>"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 <br/>"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader <br/>"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support <br/>"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX <br/>"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate <br/>"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 <br/>"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI <br/>"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call <br/>"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 <br/>"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard <br/>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver <br/>"{F8EE079D-A1A6-48A0-8B02-5CC7E1FEE342}" = Afterfall InSanity DEMO <br/>"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer <br/>"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 <br/>"Adobe AIR" = Adobe AIR <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX <br/>"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin <br/>"Adobe Shockwave Player" = Adobe Shockwave Player 11.5 <br/>"Amazon Kindle" = Amazon Kindle <br/>"AOL Toolbar" = AOL Toolbar 5.0 <br/>"AVG Secure Search" = AVG Security Toolbar <br/>"AVG8Uninstall" = AVG Free 8.5 <br/>"BattlEye A2 Free" = BattlEye (A2Free) Uninstall <br/>"Braid_is1" = Braid (Version 1.015) <br/>"BT Broadband Desktop Help" = BT Broadband Desktop Help <br/>"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0 <br/>"BT Home Hub" = BT Home Hub <br/>"BT Wireless Connection Manager" = BT Wireless Connection Manager <br/>"BT Yahoo! Applications" = BT Yahoo! Applications <br/>"BtcMouseMaestro" = MouseMaestro Input Device Driver V2.0.1-145AA MUL <br/>"BTHomeHub" = BTHomeHub <br/>"Canon MP520 series User Registration" = Canon MP520 series User Registration <br/>"CanonMyPrinter" = Canon My Printer <br/>"CanonSolutionMenu" = Canon Utilities Solution Menu <br/>"CCleaner" = CCleaner <br/>"CoreAAC" = CoreAAC <br/>"CoView_is1" = CoView <br/>"CutePDF Writer Installation" = CutePDF Writer 2.8 <br/>"Deus Ex - Game of the Year Edition_is1" = Deus Ex - Game of the Year Edition <br/>"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters <br/>"DivX Setup" = DivX Setup <br/>"Download Manager" = Download Manager 2.3.10 <br/>"DroidAssault" = Droid Assault (remove only) <br/>"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX <br/>"Fraps" = Fraps <br/>"GOM Picker" = GOM PICKER <br/>"GOM Player" = GOM Player <br/>"GOM Video Converter" = GOM Video Converter <br/>"GomTV Launcher Plugin" = GOMTV Plug-in <br/>"GomTVStreamer" = GOMTV Streamer <br/>"Google Chrome" = Google Chrome <br/>"GoToAssist" = GoToAssist Corporate <br/>"Half-Life Uplink" = Half-Life Uplink <br/>"HOMESTUDENTR" = Microsoft Office Home and Student 2007 <br/>"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs <br/>"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 <br/>"LDC Driving Test Complete2.2" = LDC Driving Test Complete <br/>"LucasArts' Grim Fandango" = LucasArts' Grim Fandango <br/>"Machinarium" = Machinarium <br/>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 <br/>"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 <br/>"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 <br/>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile <br/>"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended <br/>"mIRC" = mIRC <br/>"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) <br/>"MozillaMaintenanceService" = Mozilla Maintenance Service <br/>"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 <br/>"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) <br/>"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP <br/>"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs <br/>"NVIDIA Display Control Panel" = NVIDIA Display Control Panel <br/>"NVIDIA Drivers" = NVIDIA Drivers <br/>"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager <br/>"OggDS" = Direct Show Ogg Vorbis Filter (remove only) <br/>"OpenAL" = OpenAL <br/>"PDF Complete" = PDF Complete <br/>"Peggle Deluxe 1.01" = Peggle Deluxe 1.01 <br/>"PocketRAR" = Pocket RAR documentation <br/>"PunkBusterSvc" = PunkBuster Services <br/>"RayV" = dtvblizzcon Player <br/>"RealAlt_is1" = Real Alternative 1.9.0 <br/>"RealPlayer 12.0" = RealPlayer <br/>"Save Flash" = Save Flash 4.2 <br/>"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 <br/>"TrueCrypt" = TrueCrypt <br/>"UDK-06f58e28-1a8c-4631-ae8f-7bb68abcf9df" = Fps Terminator <br/>"uTorrent" = µTorrent <br/>"Veoh Web Player Beta" = Veoh Web Player <br/>"VLC media player" = VLC media player 0.9.9 <br/>"Windows Media Format Runtime" = Windows Media Format 11 runtime <br/>"Windows Media Player" = Windows Media Player 11 <br/>"Windows XP Service Pack" = Windows XP Service Pack 3 <br/>"WinLiveSuite_Wave3" = Windows Live Essentials <br/>"WinRAR archiver" = WinRAR archiver <br/>"WMFDist11" = Windows Media Format 11 runtime <br/>"wmp11" = Windows Media Player 11 <br/>"WMV9_VCM" = Microsoft Windows Media Video 9 VCM <br/>"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 <br/>"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 <br/>"Yahoo! Toolbar" = Yahoo! Toolbar <br/> <br/>[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist <br/>"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player <br/>"Octoshape Streaming Services" = Octoshape Streaming Services <br/>"Spotify" = Spotify <br/>"UnityWebPlayer" = Unity Web Player <br/> <br/>[color=#E56717]========== Last 20 Event Log Errors ==========[/color] <br/> <br/>[ Application Events ] <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 6094 <br/> <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 6094 <br/> <br/>Error - 02/11/2012 07:11:17 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 8172 <br/> <br/>Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 8172 <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 1953 <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 1953 <br/> <br/>Error - 03/11/2012 12:22:54 | Computer Name = HP13888241712 | Source = Application Error | ID = 1000 <br/>Description = Faulting application bioshock.exe, version 1.0.0.0, faulting module <br/> msvcr80.dll, version 8.0.50727.6195, fault address 0x0001500a. <br/> <br/>[ Application Events ] <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 6094 <br/> <br/>Error - 02/11/2012 07:11:15 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 6094 <br/> <br/>Error - 02/11/2012 07:11:17 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 8172 <br/> <br/>Error - 02/11/2012 07:11:18 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 8172 <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 1953 <br/> <br/>Error - 03/11/2012 06:01:58 | Computer Name = HP13888241712 | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 1953 <br/> <br/>Error - 03/11/2012 12:22:54 | Computer Name = HP13888241712 | Source = Application Error | ID = 1000 <br/>Description = Faulting application bioshock.exe, version 1.0.0.0, faulting module <br/> msvcr80.dll, version 8.0.50727.6195, fault address 0x0001500a. <br/> <br/>[ OSession Events ] <br/>Error - 17/12/2009 10:51:00 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001 <br/>Description = ID: 0, Application Name: Microsoft Office Word, Application Version: <br/> 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 243 <br/> seconds with 180 seconds of active time. This session ended with a crash. <br/> <br/>Error - 17/12/2009 10:51:11 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001 <br/>Description = ID: 0, Application Name: Microsoft Office Word, Application Version: <br/> 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 <br/> seconds with 0 seconds of active time. This session ended with a crash. <br/> <br/>Error - 17/12/2009 10:51:34 | Computer Name = HP13888241712 | Source = Microsoft Office 12 Sessions | ID = 7001 <br/>Description = ID: 0, Application Name: Microsoft Office Word, Application Version: <br/> 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 <br/> seconds with 0 seconds of active time. This session ended with a crash. <br/> <br/>[ System Events ] <br/>Error - 10/11/2012 17:55:30 | Computer Name = HP13888241712 | Source = System Error | ID = 1003 <br/>Description = Error code 1000008e, parameter1 c0000005, parameter2 bd03d83b, parameter3 <br/> b0cae324, parameter4 00000000. <br/> <br/>Error - 11/11/2012 04:46:35 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/>Error - 11/11/2012 04:47:54 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/>Error - 11/11/2012 12:52:39 | Computer Name = HP13888241712 | Source = atapi | ID = 262153 <br/>Description = The device, \Device\Ide\IdePort1, did not respond within the timeout <br/> period. <br/> <br/>Error - 11/11/2012 12:53:06 | Computer Name = HP13888241712 | Source = Service Control Manager | ID = 7034 <br/>Description = The NVIDIA Update Service Daemon service terminated unexpectedly. <br/> It has done this 1 time(s). <br/> <br/>Error - 11/11/2012 12:55:20 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/>Error - 11/11/2012 12:55:47 | Computer Name = HP13888241712 | Source = atapi | ID = 262153 <br/>Description = The device, \Device\Ide\IdePort1, did not respond within the timeout <br/> period. <br/> <br/>Error - 11/11/2012 12:57:02 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/>Error - 12/11/2012 05:05:49 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/>Error - 12/11/2012 05:07:15 | Computer Name = HP13888241712 | Source = DCOM | ID = 10016 <br/>Description = The application-specific permission settings do not grant Local Launch <br/> permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} <br/> <br/> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be <br/> modified using the Component Services administrative tool. <br/> <br/> <br/>< End of report >
Posted 11/12/2012 1:19 PM
#94678
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
We need to run an OTL Fix <br/> <br/>• Please reopen OTL on your desktop. <br/>• Copy and Paste the following into the Custom Scan textbox. ^ <br/> <br/>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <br/> <br/>:Services <br/> <br/>:OTL <br/>O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.) <br/>O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) <br/> [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/> :Reg <br/> :Files <br/>C:\Program Files\Bonjour <br/>ipconfig /flushdns /c <br/>:Commands <br/>[purity] <br/>[resethosts] <br/>[CreateRestorePoint] <br/>[emptytemp] <br/>[EMPTYFLASH] <br/> <br/>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <br/> <br/>Push Run Fix Button <br/> <br/>• OTL may ask to reboot the machine. Please do so if asked. <br/>• Click OK. <br/>• A report will open. Copy and Paste that report in your next reply. <br/>• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. <br/> <br/> <br/> <br/> <br/>Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe <br/> <br/> And save to the desktop. <br/> <br/>After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC: <br/>Exit all windows that are currently open on your computer. <br/>To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer. <br/> <br/> <br/>Double-click on the combofix icon found on your desktop. <br/> <br/>Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. <br/> <br/> When finished, it will produce a logfile located at C:\combofix.txt. <br/> <br/> <br/>Post the contents of that log in your next reply <br/> <br/>The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 3:28 PM
#94679
User avatar

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
All processes killed <br/>========== SERVICES/DRIVERS ========== <br/>========== OTL ========== <br/>Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71} <br/>C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. <br/>Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71} <br/>C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found. <br/>C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully. <br/>C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully. <br/>C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully. <br/>C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully. <br/>C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully. <br/>C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully. <br/>C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully. <br/>C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully. <br/>C:\WINDOWS\msdownld.tmp folder deleted successfully. <br/>========== REGISTRY ========== <br/>========== FILES ========== <br/>C:\Program Files\Bonjour\Bonjour.Resources\zh_TW.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\zh_CN.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\sv.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\ru.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\pt_PT.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\pt.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\pl.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\nl.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\nb.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\ko.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\ja.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\it.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\fr.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\fi.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\es.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\en_GB.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\en.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\de.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources\da.lproj folder moved successfully. <br/>C:\Program Files\Bonjour\Bonjour.Resources folder moved successfully. <br/>C:\Program Files\Bonjour folder moved successfully. <br/>[color=#A23BEC]< ipconfig /flushdns /c >[/color] <br/>Windows IP Configuration <br/>Successfully flushed the DNS Resolver Cache. <br/>C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully. <br/>C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully. <br/>========== COMMANDS ========== <br/>C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. <br/>HOSTS file reset successfully <br/>Restore point Set: OTL Restore Point <br/> <br/>[EMPTYTEMP] <br/> <br/>User: Administrator <br/>->Temp folder emptied: 7017233 bytes <br/>->Temporary Internet Files folder emptied: 99688 bytes <br/>->Java cache emptied: 58591583 bytes <br/>->FireFox cache emptied: 76273060 bytes <br/>->Google Chrome cache emptied: 0 bytes <br/>->Flash cache emptied: 5908032 bytes <br/> <br/>User: All Users <br/> <br/>User: Default User <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 32902 bytes <br/>->Flash cache emptied: 41044 bytes <br/> <br/>User: LocalService <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 64046 bytes <br/> <br/>User: NetworkService <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 54343693 bytes <br/> <br/>User: UpdatusUser <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 32902 bytes <br/>->Flash cache emptied: 41044 bytes <br/> <br/>%systemdrive% .tmp files removed: 0 bytes <br/>%systemroot% .tmp files removed: 0 bytes <br/>%systemroot%\System32 .tmp files removed: 12130169 bytes <br/>%systemroot%\System32\dllcache .tmp files removed: 0 bytes <br/>%systemroot%\System32\drivers .tmp files removed: 0 bytes <br/>Windows Temp folder emptied: 98950 bytes <br/>%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19780 bytes <br/>%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes <br/>RecycleBin emptied: 14264 bytes <br/> <br/>Total Files Cleaned = 205.00 mb <br/> <br/> <br/>[EMPTYFLASH] <br/> <br/>User: Administrator <br/>->Flash cache emptied: 0 bytes <br/> <br/>User: All Users <br/> <br/>User: Default User <br/>->Flash cache emptied: 0 bytes <br/> <br/>User: LocalService <br/> <br/>User: NetworkService <br/> <br/>User: UpdatusUser <br/>->Flash cache emptied: 0 bytes <br/> <br/>Total Flash Files Cleaned = 0.00 mb <br/> <br/> <br/>OTL by OldTimer - Version 3.2.69.0 log created on 11122012_135520 <br/> <br/>Files\Folders moved on Reboot... <br/> <br/>PendingFileRenameOperations files... <br/> <br/>Registry entries deleted on Reboot... <br/> <br/> <br/> <br/>ComboFix 12-11-12.02 - Administrator 12/11/2012 15:04:22.3.2 - x86 <br/>Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2559 [GMT 0:00] <br/>Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.# <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C478.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C488.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4C8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4D8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4E8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C478.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C488.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4C8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4D8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4E8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C478.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C488.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4C8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4D8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4E8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C478.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C488.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C498.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4A8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4B8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4C8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4D8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4E8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C478.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C488.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4C8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4D8.### <br/>c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4E8.### <br/>c:\documents and settings\Administrator\WINDOWS <br/>c:\documents and settings\All Users\Application Data\TEMP <br/>c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe <br/>C:\install.exe <br/>c:\program files\avg_free_stf_en_8_173a1373.exe <br/>c:\windows\system32\Cache <br/>c:\windows\system32\Cache\272512937d9e61a4.fb <br/>c:\windows\system32\Cache\287204568329e189.fb <br/>c:\windows\system32\Cache\28bc8f716fd76a47.fb <br/>c:\windows\system32\Cache\2c53092c95605355.fb <br/>c:\windows\system32\Cache\31a0997e9a5b5eb3.fb <br/>c:\windows\system32\Cache\32bd535f5cd7e5ee.fb <br/>c:\windows\system32\Cache\32c84fe32bb74d60.fb <br/>c:\windows\system32\Cache\362e8a6ae1684106.fb <br/>c:\windows\system32\Cache\3917078cb68ec657.fb <br/>c:\windows\system32\Cache\590ba23ce359fd0c.fb <br/>c:\windows\system32\Cache\600a6ffa37fe392a.fb <br/>c:\windows\system32\Cache\610289e025a3ee9a.fb <br/>c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb <br/>c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb <br/>c:\windows\system32\Cache\6d03dad1035885d3.fb <br/>c:\windows\system32\Cache\7aa9c138719c9000.fb <br/>c:\windows\system32\Cache\a8556537add6dfc5.fb <br/>c:\windows\system32\Cache\ad10a52aff5e038d.fb <br/>c:\windows\system32\Cache\c1fa887b03019701.fb <br/>c:\windows\system32\Cache\c4d28dca2e7648be.fb <br/>c:\windows\system32\Cache\cc8f2f2a26cebd47.fb <br/>c:\windows\system32\Cache\d201ef9910cd39de.fb <br/>c:\windows\system32\Cache\d2e94710a5708128.fb <br/>c:\windows\system32\Cache\d79b9dfe81484ec4.fb <br/>c:\windows\system32\Cache\dac6a74f54021d1d.fb <br/>c:\windows\system32\Cache\e0de16f883bea794.fb <br/>c:\windows\system32\Cache\f998975c9cc711ee.fb <br/>c:\windows\system32\URTTemp <br/>c:\windows\system32\URTTemp\fusion.dll <br/>c:\windows\system32\URTTemp\mscoree.dll <br/>c:\windows\system32\URTTemp\mscoree.dll.local <br/>c:\windows\system32\URTTemp\mscorsn.dll <br/>c:\windows\system32\URTTemp\mscorwks.dll <br/>c:\windows\system32\URTTemp\msvcr71.dll <br/>c:\windows\system32\URTTemp\regtlib.exe <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2012-11-12 13:55 . 2012-11-12 13:55 -------- d-----w- C:\_OTL <br/>2012-11-10 17:21 . 2012-11-10 17:21 -------- d-----w- c:\program files\Common Files\Java <br/>2012-11-10 17:21 . 2012-11-10 17:21 143872 ----a-w- c:\windows\system32\javacpl.cpl <br/>2012-11-10 17:21 . 2012-11-10 17:21 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll <br/>2012-11-10 12:27 . 2012-11-10 12:27 -------- d-----w- c:\program files\CCleaner <br/>2012-11-10 12:12 . 2012-11-10 17:23 -------- d-----w- c:\program files\trend micro <br/>2012-11-10 12:12 . 2012-11-10 12:12 -------- d-----w- C:\rsit <br/>2012-11-10 11:44 . 2012-11-12 13:59 -------- d-----w- c:\program files\Steam <br/>2012-11-09 23:27 . 2012-11-09 23:27 -------- d-----w- c:\program files\Common Files\Steam <br/>2012-11-07 19:09 . 2012-11-07 19:09 -------- d-----w- c:\program files\iPod <br/>2012-11-07 19:08 . 2012-11-07 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 <br/>2012-11-07 19:06 . 2012-11-07 19:06 -------- d-----w- c:\program files\Apple Software Update <br/>2012-11-07 19:04 . 2012-11-07 19:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer <br/>2012-11-03 18:12 . 2012-11-03 18:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun <br/>2012-11-03 18:09 . 2012-11-10 17:21 746984 ----a-w- c:\windows\system32\deployJava1.dll <br/>2012-11-03 18:09 . 2012-11-10 17:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll <br/>2012-10-22 14:02 . 2012-10-22 14:02 -------- d-----w- c:\program files\BT Broadband Desktop Help <br/>2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\Citrix <br/>2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\BTHomeHub <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2012-11-09 09:59 . 2012-09-04 15:37 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys <br/>2012-09-29 19:54 . 2008-12-14 13:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2012-08-21 13:01 . 2009-10-15 02:59 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys <br/>2012-08-21 13:01 . 2009-10-15 02:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll <br/>2008-11-26 23:16 . 2008-11-26 23:15 7332072 -c--a-w- c:\program files\Firefox Setup 3.0.4.exe <br/>2012-10-27 15:45 . 2012-10-27 15:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] <br/>2012-11-09 09:59 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552] <br/>. <br/>[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] <br/>[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] <br/>[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] <br/>"Octoshape Streaming Services"="c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488] <br/>"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] <br/>"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] <br/>"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] <br/>"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] <br/>"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232] <br/>"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] <br/>"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] <br/>"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] <br/>"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] <br/>"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] <br/>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] <br/>"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320] <br/>"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-25 928096] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464] <br/>"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352] <br/>"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112] <br/>"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048] <br/>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] <br/>. <br/>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2007-12-01 15360] <br/>. <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] <br/>Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] <br/>2012-10-22 14:01 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll <br/>. <br/>[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk] <br/>path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk <br/>backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] <br/>2012-08-27 21:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp] <br/>2011-05-26 15:04 1590144 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMouseMaestro] <br/>2005-11-09 09:18 286720 ------w- c:\program files\MMaestro\Kmaestro.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] <br/>2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] <br/>2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] <br/>2009-01-07 19:46 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] <br/>2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] <br/>2006-02-06 18:52 462935 ----a-w- c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] <br/>2007-12-01 00:26 1695232 ------w- c:\program files\Messenger\msmsgs.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV] <br/>2010-10-11 21:45 2839848 ----a-w- c:\program files\RayV\RayV\RayV.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] <br/>2008-03-20 20:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] <br/>2011-10-13 09:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] <br/>2012-05-16 10:42 932528 ----a-w- c:\documents and settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] <br/>2012-11-10 11:44 1353080 ----a-w- c:\program files\Steam\Steam.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] <br/>2005-08-31 17:11 2478080 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] <br/>"PnkBstrA"=2 (0x2) <br/>"vToolbarUpdater13.2.0"=2 (0x2) <br/>"iPod Service"=3 (0x3) <br/>"Bonjour Service"=2 (0x2) <br/>"AVG Security Toolbar Service"=3 (0x3) <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] <br/>"EnableFirewall"= 0 (0x0) <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\WINDOWS\\SMINST\\Scheduler.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= <br/>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= <br/>"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"= <br/>"c:\\Program Files\\Ventrilo\\Ventrilo.exe"= <br/>"c:\\WINDOWS\\system32\\PnkBstrA.exe"= <br/>"c:\\WINDOWS\\system32\\PnkBstrB.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"c:\\Program Files\\LimeWire\\LimeWire.exe"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= <br/>"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= <br/>"c:\\WINDOWS\\system32\\dpvsetup.exe"= <br/>"c:\\Program Files\\uTorrent\\uTorrent.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.dll"= <br/>"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\UDK\\Fps Terminator\\Binaries\\Win32\\UDK.exe"= <br/>"c:\\Program Files\\mIRC\\mirc.exe"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/>"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"= <br/>"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= <br/>"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"c:\\Program Files\\Steam\\Steam.exe"= <br/>. <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 <br/>"8370:TCP"= 8370:TCP:League of Legends Launcher <br/>"8370:UDP"= 8370:UDP:League of Legends Launcher <br/>"8372:TCP"= 8372:TCP:League of Legends Launcher <br/>"8372:UDP"= 8372:UDP:League of Legends Launcher <br/>"43795:TCP"= 43795:TCP:utorrent <br/>"20919:TCP"= 20919:TCP:BitComet 20919 TCP <br/>"20919:UDP"= 20919:UDP:BitComet 20919 UDP <br/>"25565:TCP"= 25565:TCP:Minecraft Multiplayer <br/>"27015:TCP"= 27015:TCP:Steam <br/>"27014:TCP"= 27014:TCP:Steam Client <br/>. <br/>R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/17/2012 5:24 PM 207792] <br/>R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/9/2010 6:14 PM 697328] <br/>R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 3:37 PM 26984] <br/>R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2/24/2010 4:27 PM 33856] <br/>R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/26/2008 1:47 AM 576024] <br/>R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [11/26/2008 1:45 AM 156160] <br/>S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] <br/>S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?] <br/>S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/9/2012 10:00 AM 711112] <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46] <br/>. <br/>2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46] <br/>. <br/>2012-11-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1276635300-2826307005-1031441524-500.job <br/>- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25] <br/>. <br/>2012-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1276635300-2826307005-1031441524-500.job <br/>- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop <br/>uInternet Settings,ProxyOverride = *.local <br/>uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ <br/>IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 <br/>TCP: DhcpNameServer = 192.168.1.254 <br/>Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll <br/>DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab <br/>FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\ <br/>FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms} <br/>FF - prefs.js: browser.search.selectedEngine - 2Shared Customized Web Search <br/>FF - prefs.js: browser.startup.homepage - bbc.co.uk <br/>FF - prefs.js: network.proxy.http - 127.0.0.1 <br/>FF - prefs.js: network.proxy.http_port - 50370 <br/>FF - prefs.js: network.proxy.type - 4 <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/>. <br/>BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) <br/>WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) <br/>WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) <br/>HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe <br/>HKLM-Run-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe <br/>HKLM-Run-ISTray - c:\knowhow\sdscanner\pctsTray.exe <br/>Notify-avgrsstarter - (no file) <br/>MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe <br/>MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe <br/>AddRemove-BattlEye A2 Free - c:\program files\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe <br/>AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe <br/>AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe <br/>AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe <br/>AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe <br/>. <br/>. <br/>. <br/>************************************************************************** <br/>. <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2012-11-12 15:10 <br/>Windows 5.1.2600 Service Pack 3, v.3264 NTFS <br/>. <br/>scanning hidden processes ... <br/>. <br/>scanning hidden autostart entries ... <br/>. <br/>scanning hidden files ... <br/>. <br/>scan completed successfully <br/>hidden files: 0 <br/>. <br/>************************************************************************** <br/>. <br/>[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher] <br/>"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] <br/>"??"=hex:0b,82,b2,24,76,08,6c,c5,ee,ae,80,07,3a,94,e7,8a,5f,33,cf,19,da,18,00, <br/> 42,c1,93,b4,ec,1d,2c,61,a4,56,54,17,d2,2c,4d,f6,b1,0e,79,99,f3,1d,df,aa,dc,\ <br/>"??"=hex:22,11,6d,13,5d,78,2e,2a,4f,3f,43,f1,2a,61,06,69 <br/>. <br/>[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\License information*] <br/>"datasecu"=hex:fa,bb,23,6e,34,e5,84,bb,ab,2b,bf,d0,5f,b9,a2,6d,18,ed,26,81,c5, <br/> 47,f9,15,a8,74,5d,69,7e,c3,21,c5,f0,b9,f0,b4,5a,3e,e1,9a,b9,23,79,4c,df,44,\ <br/>"rkeysecu"=hex:ec,12,aa,77,44,6f,a9,79,7e,41,f0,aa,1d,11,ba,e7 <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/>. <br/>- - - - - - - > 'winlogon.exe'(772) <br/>c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll <br/>. <br/>Completion time: 2012-11-12 15:12:51 <br/>ComboFix-quarantined-files.txt 2012-11-12 15:12 <br/>ComboFix2.txt 2008-12-15 15:52 <br/>ComboFix3.txt 2008-12-14 13:48 <br/>. <br/>Pre-Run: 54,985,019,392 bytes free <br/>Post-Run: 54,920,589,312 bytes free <br/>. <br/>- - End Of File - - 6A1C6464A86DAAAF8336E6FAD855602F
Posted 11/12/2012 3:55 PM
#94680
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean to me, please tell how things are running now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 4:19 PM
#94681
User avatar

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
Steam is now open and everything's running fine now. <br/> <br/>Also I'm glad I've found these programs that can help uncluttered your system. <br/> <br/>Thank you for the help with all of that Touch :smile:
Posted 11/13/2012 7:46 AM
#94683
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
My pleasure :smile: <br/> <br/> <br/> <br/>Start OTL <br/>Click on the CleanUp! button. <br/> <br/>You'll be asked if you want to Begin cleanup process? Select Yes. <br/>This step removes the files, folders, and shortcuts created by the tools I had you download and run. <br/> <br/>When done, you will be prompted to restart your computer. Please restart your computer. <br/> <br/> <br/> <br/> <br/>I´ll lock this topic...........

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Friday, December 9, 2016, 2:33 PM (GMT +1)
There are a total of 61,163 posts in 13,450 threads.
In the last 3 days there were 1 new threads and 3 reply posts.

Who's online

This forum has 37,969 registered members. Please welcome our newest member, Heisenberg.
There are currently no users on-line.