PC wireless connectivity post malware

plumtast

Using PC running XP SP3 with Thomson router wireless and had malware infection (related to live security platinum - forget exact name) while using Firefox. MS security essentials was already installed but not sure whether working properly. Previously had AVG and have since reinstalled it post-malware but showing driver problem. Malwarebytes and anvi smart defender have since been used to try to remove malware and seemed to have worked to some extent because PC no longer locked with ransom screen asking you to pay for the rogue security software. However, the most recent problem is inability to connect to our home wireless network. When trying 'repair', it tries to renew IP address but gets stuck and when ask for details, get error message about IP address, subnet mask, and default gateway (and in fact today, it's not even showing the wireless connections in range - i.e. no list - and just says cannot configure connection). I did an ipconfig command prompt and got the following info:

Windows IP Configuration

Host Name . . . . . . . . . . . . : mesh
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
Physical Address. . . . . . . . . : 00-03-0D-00-00-01

Ethernet adapter Wireless Network Connection 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card
Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255

Any help much appreciated:confused:
 
Hi and welcome to FpcH

Did you have help to get rid of the malware or did you just rely on MBAM and your AV ?
=============
Please try an ethernet cable direct to the router and let me know if you can access the net this way

=============

Please click on the orange Network Test in my signature ( bottom of this post )
You will need to save it to a memory stick (or run it from the wired connection) and run the software from there.
Copy and post the result here please.
 
Hi and welcome to FpcH

Did you have help to get rid of the malware or did you just rely on MBAM and your AV ?
=============
No help, just those. Not sure it's gone - how can I test?


Please try an ethernet cable direct to the router and let me know if you can access the net this way

=============
Yes that works

Please click on the orange Network Test in my signature ( bottom of this post )
You will need to save it to a memory stick (or run it from the wired connection) and run the software from there.
Copy and post the result here please.

===============
I've run this - I'll PM results to you.
 
Post them here - there is nothing personal

I will ask one of our security guys to advise you further if necessary regarding the malware issue.
 
Ok - my name was on one of the files but I've asterisked that.




Windows IP Configuration

Host Name . . . . . . . . . . . . : mesh
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 29 October 2012 17:09:01
Lease Expires . . . . . . . . . . : 30 October 2012 17:09:01

Ethernet adapter Wireless Network Connection 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card
Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.118.97
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
Physical Address. . . . . . . . . : 00-03-0D-00-00-01

Pinging 194.119.131.66 with 32 bytes of data:

Reply from 194.119.131.66: bytes=32 time=18ms TTL=55
Reply from 194.119.131.66: bytes=32 time=18ms TTL=55
Reply from 194.119.131.66: bytes=32 time=17ms TTL=55
Reply from 194.119.131.66: bytes=32 time=18ms TTL=55

Ping statistics for 194.119.131.66:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms

Pinging plus.net [212.159.8.2] with 32 bytes of data:

Reply from 212.159.8.2: bytes=32 time=28ms TTL=248
Reply from 212.159.8.2: bytes=32 time=28ms TTL=248
Reply from 212.159.8.2: bytes=32 time=28ms TTL=248
Reply from 212.159.8.2: bytes=32 time=27ms TTL=248

Ping statistics for 212.159.8.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms

Tracing route to cns1.uk.vianw.net [194.119.131.66]
over a maximum of 30 hops:

1 6 ms 99 ms 99 ms dsldevice.lan [192.168.1.254]
2 18 ms 23 ms 19 ms lo0-central10.ptw-ag03.plus.net [195.166.128.197]
3 20 ms 33 ms 19 ms link9-central10.ptw-gw01.plus.net [84.93.248.80]
4 64 ms 19 ms 19 ms xe-7-2-0.ptw-cr01.plus.net [212.159.1.20]
5 19 ms 18 ms 19 ms g1-1-1-t40-br3.router.uk.clara.net [195.66.224.66]
6 19 ms 19 ms 20 ms ten1-0-0-t40-cr1.router.uk.clara.net [195.8.68.85]
7 111 ms 55 ms 55 ms ten2-0-0-t6-cr2.router.uk.clara.net [195.8.68.118]
8 20 ms 19 ms 19 ms g6-1-t6-ar12.router.uk.clara.net [195.157.0.245]
9 18 ms 18 ms 18 ms cns1.uk.vianw.net [194.119.131.66]

Trace complete.


These Windows services are started:


Akamai NetSession Interface
Apple Mobile Device
Ati HotKey Poller
AVG WatchDog
BlueSoleil Hid Service
Bonjour Service
COM+ Event System
Cryptographic Services
CyberLink Background Capture Service (CBCS)
CyberLink Media Library Service
CyberLink Task Scheduler (CTS)
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Frontier Compute Engine
Frontier Update Service
Help and Support
HTTP SSL
Indexing Service
IPSEC Services
Java Quick Starter
Network Connections
Network Location Awareness (NLA)
Plug and Play
Pml Driver HPZ12
PnkBstrA
Print Spooler
Protected Storage
Ralink Registry Writer
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Ulead Burning Helper
Universal Plug and Play Device Host
Viewpoint Manager Service
vToolbarUpdater13.2.0
WebClient
Windows Audio
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Time
Workstation


The command completed successfully.




Microsoft Windows XP [Version 5.1.2600]
The following command was not found: interface ipv4 show subinterfaces.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 2f ab f7 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 a1 b0 25 29 c4 ...... ADD-GWP110v4 PCI Wireless LAN Card - Packet Scheduler Miniport
0x4 ...00 03 0d 00 00 01 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.118.97 169.254.118.97 20
169.254.118.97 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.118.97 169.254.118.97 25
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 169.254.118.97 169.254.118.97 25
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 169.254.118.97 169.254.118.97 1
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
255.255.255.255 255.255.255.255 192.168.1.64 4 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

Local Area Connection:
Node IpAddress: [192.168.1.64] Scope Id: []

No Connections

Wireless Network Connection 13:
Node IpAddress: [169.254.118.97] Scope Id: []

No Connections

Local Area Connection 3:
Node IpAddress: [0.0.0.0] Scope Id: []

No Connections




! REG.EXE VERSION 3.0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCMService REG_SZ "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
{1290A33C-85F5-4164-A1BE-7DD299D4986A} REG_SZ "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
Ptipbmf REG_SZ rundll32.exe ptipbmf.dll,SetWriteCacheMode
SoundMan REG_SZ SOUNDMAN.EXE
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
boincmgr REG_SZ "C:\Program Files\BOINC\boincmgr.exe" /a /s
boinctray REG_SZ "C:\Program Files\BOINC\boinctray.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
KeePass 2 PreLoad REG_SZ "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
My Web Search Bar Search Scope Monitor REG_SZ "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
<NO NAME> REG_SZ
ApnUpdater REG_SZ "C:\Program Files\Ask.com\Updater\Updater.exe"
MSC REG_SZ "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Regedit32 REG_SZ C:\WINDOWS\system32\regedit.exe
Anvi Smart Defender REG_SZ C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
AVG_UI REG_SZ "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
vProt REG_SZ "C:\Program Files\AVG Secure Search\vprot.exe"
ROC_roc_ssl_v12 REG_SZ "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


! REG.EXE VERSION 3.0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


! REG.EXE VERSION 3.0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
Power2GoExpress REG_SZ
BullGuard REG_SZ "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
MyWebSearch Email Plugin REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Akamai NetSession Interface REG_SZ "C:\Documents and Settings\**********\Local Settings\Application Data\Akamai\netsession_win.exe"


! REG.EXE VERSION 3.0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


Microsoft Windows XP [Version 5.1.2600]
 
Hi

This was done with the wired connection by the looks of it.

What does this look like if you do it wireless ( no wired connection )? Click on Wireless Test below.
 
Hi
I have deleted the latest log that you posted as it was exactly the same as the first.
I should have asked you to download the Wireless Test whilst connected with the cable then disconnect the cable and run the test software.

I want to compare the two.

===============

Also .....start > type in .....devmgmt.msc .....Enter
Click the + next to Network Adapters.

Please post what is listed.

Are there any yellow exclamation marks or red Xs ?

===============

If this is a laptop - is the wireless switch in the ON position ?
 

=======================

Not a laptop - PC
===========

Yellow exclamation mark next to: virtualbox bridged networking driver miniport #10


There are others in list if needed but no marks against them.




=================

Report as follows (though seemed to stall at one point - didn't automatically produce results though when exiting prompt it produced them!):

Windows IP Configuration

Host Name . . . . . . . . . . . . : mesh
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-2F-AB-F7

Ethernet adapter Wireless Network Connection 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card
Physical Address. . . . . . . . . : 00-A1-B0-25-29-C4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.118.97
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 169.254.118.97

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
Physical Address. . . . . . . . . : 00-03-0D-00-00-01

The following command was not found: wlan show networks mode=bssid.
The following command was not found: wlan show profile.

Pinging 194.119.131.66 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 194.119.131.66:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Ping request could not find host plus.net. Please check the name and try again.

Tracing route to 194.119.131.66 over a maximum of 30 hops

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13

These Windows services are started:


Akamai NetSession Interface
Apple Mobile Device
Ati HotKey Poller
AVG WatchDog
BlueSoleil Hid Service
Bonjour Service
COM+ Event System
Cryptographic Services
CyberLink Background Capture Service (CBCS)
CyberLink Media Library Service
CyberLink Task Scheduler (CTS)
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Frontier Compute Engine
Frontier Update Service
Help and Support
HTTP SSL
Indexing Service
IPSEC Services
Java Quick Starter
Network Connections
Network Location Awareness (NLA)
Plug and Play
Pml Driver HPZ12
PnkBstrA
Print Spooler
Protected Storage
Ralink Registry Writer
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Ulead Burning Helper
Universal Plug and Play Device Host
Viewpoint Manager Service
vToolbarUpdater13.2.0
WebClient
Windows Audio
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Time
Workstation


The command completed successfully.




Microsoft Windows XP [Version 5.1.2600]
The following command was not found: interface ipv4 show subinterfaces.
The following command was not found: int tcp show globa.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 2f ab f7 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 a1 b0 25 29 c4 ...... ADD-GWP110v4 PCI Wireless LAN Card - Packet Scheduler Miniport
0x4 ...00 03 0d 00 00 01 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 169.254.118.97 169.254.118.97 399
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.118.97 169.254.118.97 20
169.254.118.97 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.118.97 169.254.118.97 25
224.0.0.0 240.0.0.0 169.254.118.97 169.254.118.97 25
255.255.255.255 255.255.255.255 169.254.118.97 4 1
255.255.255.255 255.255.255.255 169.254.118.97 2 1
255.255.255.255 255.255.255.255 169.254.118.97 169.254.118.97 1
Default Gateway: 169.254.118.97
===========================================================================
Persistent Routes:
None

Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

No Connections

Wireless Network Connection 13:
Node IpAddress: [169.254.118.97] Scope Id: []

No Connections

Local Area Connection 3:
Node IpAddress: [0.0.0.0] Scope Id: []

No Connections

Server: UnKnown
Address: 127.0.0.1




! REG.EXE VERSION 3.0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCMService REG_SZ "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
{1290A33C-85F5-4164-A1BE-7DD299D4986A} REG_SZ "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
Ptipbmf REG_SZ rundll32.exe ptipbmf.dll,SetWriteCacheMode
SoundMan REG_SZ SOUNDMAN.EXE
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
boincmgr REG_SZ "C:\Program Files\BOINC\boincmgr.exe" /a /s
boinctray REG_SZ "C:\Program Files\BOINC\boinctray.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
KeePass 2 PreLoad REG_SZ "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
My Web Search Bar Search Scope Monitor REG_SZ "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
<NO NAME> REG_SZ
ApnUpdater REG_SZ "C:\Program Files\Ask.com\Updater\Updater.exe"
MSC REG_SZ "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Regedit32 REG_SZ C:\WINDOWS\system32\regedit.exe
Anvi Smart Defender REG_SZ C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
AVG_UI REG_SZ "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
vProt REG_SZ "C:\Program Files\AVG Secure Search\vprot.exe"
ROC_roc_ssl_v12 REG_SZ "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


! REG.EXE VERSION 3.0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


! REG.EXE VERSION 3.0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
Power2GoExpress REG_SZ
BullGuard REG_SZ "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
MyWebSearch Email Plugin REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Akamai NetSession Interface REG_SZ "C:\Documents and Settings\***********\Local Settings\Application Data\Akamai\netsession_win.exe"


! REG.EXE VERSION 3.0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
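
Added example, not part of any post in this thread and not the code of the Network Test tool used above: a Python parser for XP-style `ipconfig /all` text that labels each adapter, so the 0.0.0.0 address in the first post and the 169.254.x.x autoconfiguration address in the later reports both show up as DHCP failures on the wireless card. The function names and state labels are assumptions made for this example; the sample text is trimmed from the output posted above.

```python
import ipaddress
import re

# Samples trimmed from the ipconfig output posted in this thread.
FIRST_POST = """\
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Ethernet adapter Wireless Network Connection 12:
Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
"""
WIRED_TEST = """\
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
Ethernet adapter Wireless Network Connection 13:
Description . . . . . . . . . . . : ADD-GWP110v4 PCI Wireless LAN Card
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.118.97
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
"""

HEADER = re.compile(r"^(?:Ethernet|PPP|Tunnel) adapter (.+):$")
# Label, then the dotted leader, then the value (which may be empty).
FIELD = re.compile(r"^(.+?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field label: value}} for each adapter section."""
    adapters, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:  # skip the global "Host Name" block
            current[field.group(1)] = field.group(2)
    return adapters


def classify(fields):
    """Label one adapter by what its address fields say about the DHCP lease."""
    if fields.get("Media State") == "Media disconnected":
        return "disconnected"
    addr = fields.get("IP Address") or fields.get("Autoconfiguration IP Address")
    if not addr:
        return "no-address"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:   # 0.0.0.0: no address has been assigned
        return "no-lease"
    if ip.is_link_local:    # 169.254.0.0/16: Windows autoconfiguration fallback
        return "apipa"
    gateway = fields.get("Default Gateway")
    if not gateway:
        return "no-gateway"
    mask = fields.get("Subnet Mask", "255.255.255.255")
    subnet = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if ipaddress.ip_address(gateway) not in subnet:
        return "off-subnet-gateway"
    return "leased"


def triage(text):
    """Return {adapter name: state label} for a whole ipconfig dump."""
    return {name: classify(f) for name, f in parse_ipconfig(text).items()}


def dhcp_failures(text):
    """Adapters with DHCP enabled that hold no DHCP-assigned address."""
    return [name for name, f in parse_ipconfig(text).items()
            if f.get("Dhcp Enabled") == "Yes"
            and classify(f) in ("no-lease", "apipa")]


if __name__ == "__main__":
    for label, dump in (("first post", FIRST_POST), ("wired test", WIRED_TEST)):
        print(label, triage(dump), "DHCP failures:", dhcp_failures(dump))
```
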
 
Hi plumtast

Let's make sure that the malware has been removed.
Please follow these 3 steps for now.

Step 1
Download RogueKiller and save it to your desktop.
  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • When prompted, type 1 (SCAN) and then press Enter
  • A report will open, please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.


Step 2
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the 3 reports in your next reply.

Thanks
 


Rogue Killer


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com


Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User :[Admin rights]
Mode : Scan -- Date : 10/29/2012 21:44:59


¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[SUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]


¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[TASK][SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\WINDOWS\Ssudea.exe -> FOUND
[TASK][SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\DOCUME~1\visitor\LOCALS~1\Temp\Sbx.exe -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L --> FOUND


¤¤¤ Driver : [NOT LOADED] ¤¤¤


¤¤¤ Infection : ZeroAccess ¤¤¤


¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts


127.0.0.1 localhost




¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: Maxtor 6V250F0 +++++
--- User ---
[MBR] 4d9f567356a1513974290e6595d0a1a0
[BSP] d119ba93793e2a02163436fbf2281b49 : Windows Vista/7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 4502 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9221310 | Size: 234864 Mo
User = LL1 ... OK!
User = LL2 ... OK!


Finished : << RKreport[1].txt >>
RKreport[1].txt









=======================================================


Adwcleaner:

# AdwCleaner v2.005 - Logfile created 10/29/2012 at 21:47:08
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : - MESH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\\My Documents\Downloads\AdwCleaner.exe
# Option [Search]




***** [Services] *****


Found : MyWebSearchService
Found : Viewpoint Manager Service


***** [Files / Folders] *****


File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\system32\f3PSSavr.scr
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Application Data\PriceGong
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar


***** [Internet Browsers] *****


-\\ Internet Explorer v8.0.6001.18702


[OK] Registry is clean.


-\\ Mozilla Firefox v16.0.1 (en-US)


Profile name : default
File : C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\prefs.js


Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...]


Profile name : default
File : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\prefs.js


Found : user_pref("extensions.skipscreen.hostMatchStr", "http://www.shared.com/(get|audio|file|document|dir[...]


Profile name : default
File : C:\Documents and Settings\dfgs\Application Data\Mozilla\Firefox\Profiles\nr1xmfqf.default\prefs.js


Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...]


-\\ Google Chrome v [Unable to get version]


File : C:\Documents and Settings\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


File : C:\Documents and Settings\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


Found [l.73] : icon_url = "https://isearch.avg.com/favicon.ico",
Found [l.76] : keyword = "isearch.avg.com",
Found [l.79] : search_url = "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&mid=f08d936c0f5547d0a362d15e77cb4204-77589c755422fbd30a9c627f198d6086968e183c&lang=en&ds=AVG&pr=fr&d=2012-10-18 19:15:41&v=13.2.0.1&sap=dsp&q={searchTerms}",


File : C:\Documents and Settings\DLocal Settings\Application Data\Google\Chrome\User Data\Default\Preferences


/!\ Cannot open file /!\






===================================================

Farbar


Farbar Service Scanner Version: 27-10-2012
Ran by (administrator) on 29-10-2012 at 22:08:12
Running from "C:\Documents and Settings\\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************


Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.




Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.




Firewall Disabled Policy:
==================




System Restore:
============


System Restore Disabled Policy:
========================




Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.




Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.




Windows Autoupdate Disabled Policy:
============================




File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VBoxNetFlt(8)
0x0A000000040000000100000002000000030000005A0000000900000005000000060000000700000008000000
IpSec Tag value is correct.


**** End of log ****
 
Hi plumtast

You actually had a very serious infection there.
Let's make a start with cleaning this system:

Step 1
  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • When prompted, type 2 (DELETE) and then press Enter
  • A report will open, please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.


Step 2
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please post the reports and then we'll take it from there.

I'll move this to the Malware Removal forum until we have finished the cleaning process.
 
(Step 1) Ran program - no prompt appeared, tried to delete using delete button on right-hand side - something happened (green activity bar flashed), but files still there ...
 
I am adding this - more as a note to myself .....

The Wireless Zero Service is not running ( wireless connection will not be available without this )

Stay with starbuck and get the all clear before we continue.
 
Sorry, I hadn't noticed that Tigzy had updated the interface.
There is no prompt now.... just the buttons on the right.
Did you allow a little time for everything to load?
This will show in the main window.
Once this has finished, you can click the delete button.

Did you try step 2?
It doesn't matter which order you perform the 2 steps.
 

========================================

There are several roguekiller logs which are all quite similar but with slight differences. This one is one of the 7:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com


Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : [Admin rights]
Mode : Scan -- Date : 10/30/2012 08:58:41


¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[SUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_faah_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]


¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[TASK][SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\WINDOWS\Ssudea.exe -> FOUND
[TASK][SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\DOCUME~1\visitor\LOCALS~1\Temp\Sbx.exe -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L --> FOUND


==========================================


Here is the adware log:

# AdwCleaner v2.005 - Logfile created 10/29/2012 at 21:47:08
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : - MESH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\\My Documents\Downloads\AdwCleaner.exe
# Option [Search]




***** [Services] *****


Found : MyWebSearchService
Found : Viewpoint Manager Service


***** [Files / Folders] *****


File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\system32\f3PSSavr.scr
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Application Data\PriceGong
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Local Settings\Application Data\Softonic-Eng7
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\\Application Data\PriceGong
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Softonic-Eng7
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\Local Settings\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\\My Documents\I Want This
Folder Found : C:\Documents and Settings\dfgs\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\dfgs\Local Settings\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\visitor\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\Conduit
Folder Found : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\ConduitEngine
Folder Found : C:\Documents and Settings\visitor\Application Data\PriceGong
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Softonic-Eng7
Folder Found : C:\Documents and Settings\visitor\Local Settings\Application Data\Viewpoint
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\Viewpoint
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FunWebProducts
Folder Found : C:\Program Files\MyWebSearch
Folder Found : C:\Program Files\Softonic-Eng7
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}


***** [Registry] *****




***** [Internet Browsers] *****


-\\ Internet Explorer v8.0.6001.18702


[OK] Registry is clean.


-\\ Mozilla Firefox v16.0.1 (en-US)


Profile name : default
File : C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\prefs.js


Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...]


Profile name : default
File : C:\Documents and Settings\visitor\Application Data\Mozilla\Firefox\Profiles\psfyj4ez.default\prefs.js


Found : user_pref("extensions.skipscreen.hostMatchStr", "http://www.4shared.com/(get|audio|file|document|dir[...]


Profile name : default
File : C:\Documents and Settings\dfgs\Application Data\Mozilla\Firefox\Profiles\nr1xmfqf.default\prefs.js


Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("keyword.URL", "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&[...]


-\\ Google Chrome v [Unable to get version]


File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


Found [l.73] : icon_url = "https://isearch.avg.com/favicon.ico",
Found [l.76] : keyword = "isearch.avg.com",
Found [l.79] : search_url = "https://isearch.avg.com/search?cid={BF834818-53B8-4657-A041-7D8DCFD5FF69}&mid=f08d936c0f5547d0a362d15e77cb4204-77589c755422fbd30a9c627f198d6086968e183c&lang=en&ds=AVG&pr=fr&d=2012-10-18 19:15:41&v=13.2.0.1&sap=dsp&q={searchTerms}",


File : C:\Documents and Settings\\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


/!\ Cannot open file /!\
 
Hi

Both of those reports were created using either the 'Search' or the 'Scan' buttons.
Have you clicked the delete buttons?

Here's an updated RogueKiller delete speech to try.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish. Then click the Scan button.
  • When the scan has finished .... click the Delete button.
  • A report will open, please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

and the AdwCleaner delete speech again:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


It's the 2 'delete' reports I need before we can continue.

Thanks
 


==================

RogueKiller:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : [Admin rights]
Mode : Remove -- Date : 10/30/2012 21:06:22

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]
[SUSP PATH] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hpf2_rosetta_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 -> KILLED [TermProc]
[RESIDUE] wcg_hfcc_autodock_6.40_windows_intelx86 -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6V250F0 +++++
--- User ---
[MBR] 4d9f567356a1513974290e6595d0a1a0
[BSP] d119ba93793e2a02163436fbf2281b49 : Windows Vista/7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 4502 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9221310 | Size: 234864 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

======================

AdwCleaner - clicking delete or search - with both the green bar starts working but then after a second or two, the whole thing completely disappears off screen and can't be found. Tried a number of times and same thing each time. So never got to OK or restart prompts ...
 
Ok, no problem.
Let's move on to something a bit more powerful.
Please follow these steps in order.

Step 1
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif



CF_download_rename.gif


This is an example, you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.

    Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

cf1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png


Click on Yes, to continue scanning for malware.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



Step 2
You mentioned that you have Malwarebytes Antimalware installed:

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

mbamnew.png


Click Check for Updates

The latest Database Version is: v2012.10.30.09

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 3
  • Download OTL to your desktop.
    If using Firefox ..right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

Otllatest.png


Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png

  • Click the Run Scan button.

    runscan.png

  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


In your next reply, please submit:
Combofix.txt
New MBAM report
and both reports from OTL.

Note:
Because of the size of the reports you may have to split them over 2 or 3 posts.

Thanks
 
Combofix displayed the 1st screen but stopped after displaying the text 'creating system restore point'.

The other logs are as follows (one split in half - others to follow):


=============================================

OTL Log:


OTL logfile created on: 31/10/2012 12:15:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 486.04 Mb Available Physical Memory | 47.49% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 84.97 Gb Free Space | 37.05% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.56_windows_intelx86 ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierIM.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.56_windows_intelx86 ()
MOD - C:\Program Files\Parabon\Frontier Compute Engine\bin\psens.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\DiagFunc.dll ()
MOD - C:\Program Files\BOINC\cudart.dll ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ()
MOD - C:\WINDOWS\system32\vmcmidiport.dll ()
MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll ()


========== Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.3XE EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 C:\32788R22FWJFW\KNetSvcs.vbs File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (asdrs) -- C:\WINDOWS\system32\drivers\asdrs.sys (Anvisoft)
DRV - (asdrm) -- C:\WINDOWS\system32\drivers\asdrm.sys (Anvisoft)
DRV - (asdws) -- C:\WINDOWS\system32\drivers\asdws.sys ()
DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys ()
DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys ()
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys ()
DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys ()
DRV - (usbprint) -- C:\WINDOWS\system32\drivers\usbprint.sys ()
DRV - (WSTCODEC) -- C:\WINDOWS\system32\drivers\wstcodec.sys ()
DRV - (usbccgp) -- C:\WINDOWS\system32\drivers\usbccgp.sys ()
DRV - (USBSTOR) -- C:\WINDOWS\system32\drivers\usbstor.sys ()
DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys ()
DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys ()
DRV - (usbohci) -- C:\WINDOWS\system32\drivers\usbohci.sys ()
DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (VgaSave) -- C:\WINDOWS\system32\drivers\vga.sys ()
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys ()
DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys ()
DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys ()
DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\WudfRd.sys ()
DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\WudfPf.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys ()
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.)
DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys ()
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys ()
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (WS2IFSL) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys ()
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (Politecnico di Torino)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms}
IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/25 18:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions
[2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions
[2012/10/25 18:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/25 18:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/25 18:12:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Nimbuzz - hkey= - key= - C:\Program Files\Nimbuzz\Nimbuzz.exe ()
MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 10:00:12 | 000,000,000 | --SD | C] -- C:\ComboFi
[2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools
[2012/10/31 09:54:53 | 004,991,925 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Unity
[2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine
[2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless
[2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver
[2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon
[2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun
[2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/25 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow
[2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow
[2012/10/18 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\AVG2013
[2012/10/18 18:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/10/18 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\TuneUp Software
[2012/10/18 18:15:37 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/18 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/18 18:13:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/18 18:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/10/18 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/18 18:07:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\MFAData
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013
[2012/10/18 17:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Malwarebytes
[2012/10/18 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/18 17:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/18 17:27:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/18 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/18 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Anvisoft
[2012/10/18 17:01:15 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys
[2012/10/18 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
[2012/10/18 17:01:14 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys
[2012/10/18 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
[2012/10/18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/10/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 21:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/17 20:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\PCHealth
[2012/10/17 20:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Mozilla
[2012/10/17 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480
[2012/10/05 02:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/10/02 02:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2006/06/18 16:26:36 | 000,518,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB884020-x86-enu.exe
[2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe
[2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe
[2006/06/18 16:15:53 | 002,176,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows-KB890830-V1.17.exe
[2006/06/18 16:15:10 | 004,659,000 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB908531-v2-x86-ENU.exe
[2006/06/18 16:14:04 | 001,002,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\JournalViewer1.5_KB886179_ENU.exe
[2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE
[2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe
[2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE
[2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe
[2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe
[2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[7 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\Documents and Settings\ \My Documents\*.tmp files -> C:\Documents and Settings\\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/31 12:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/31 12:16:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job
[2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 12:11:08 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/31 12:11:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/31 12:06:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/31 09:55:07 | 004,991,925 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/30 22:28:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/30 19:27:41 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job
[2012/10/29 19:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/28 10:13:15 | 000,427,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 10:13:15 | 000,069,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/10/18 18:16:14 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/18 18:15:14 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/18 17:01:15 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
[2012/10/17 20:03:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/10/17 19:36:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/17 19:31:55 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/08 20:45:06 | 000,059,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\8b780ee2e5d8e336.sys
[2012/10/08 18:19:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/08 18:19:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/05 02:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[7 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\Documents and Settings\\My Documents\*.tmp files -> C:\Documents and Settings\\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/28 16:18:38 | 000,500,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt61.sys
[2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/10/18 18:16:14 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/18 17:01:15 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys
[2012/10/18 17:01:15 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
[2012/10/08 20:45:06 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b780ee2e5d8e336.sys
[2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/20 11:31:59 | 000,019,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 13:19:09 | 000,829,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/01/30 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat
[2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\n\Application Data\dm.ini
[2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab
[2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi
[2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi
[2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg
[2006/06/18 16:01:09 | 007,914,851 | ---- | C] () -- C:\Program Files\Christmas Pinball.exe
[2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip
[2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip
[2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2012/10/17 19:40:46 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@
[2010/12/09 15:15:09 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n
[2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L
[2012/10/30 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U
[2012/10/24 16:41:23 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@
[2012/10/30 19:17:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@
[2012/10/21 09:35:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@
[2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/17 18:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480
[2012/10/28 16:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Addon Driver
[2012/10/18 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
[2012/10/18 18:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2009/07/25 17:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/04/18 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2012/10/31 12:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/10/18 18:07:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/21 01:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElectricSheep
[2012/06/15 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D561F0001130CA00002367D151FC84
[2012/06/28 17:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\foldit
[2010/08/22 01:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/07/15 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/03/29 14:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\intermorphic
[2006/09/09 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lucasarts
[2008/02/01 19:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/10/05 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2012/10/31 10:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/10/15 17:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/12/22 18:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/09/20 17:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2006/05/25 17:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norbyte
[2008/02/24 16:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2006/06/13 18:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/07/18 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/10/03 15:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/11/15 17:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2011/06/16 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2006/06/13 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/02/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/10/07 04:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/04/07 09:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/27 09:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/10/03 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2010/07/06 00:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/02/19 14:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/07 04:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4CC9FFD0-2293-494C-9203-C26692235753}
[2012/10/18 17:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Anvisoft
[2012/10/18 18:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\AVG2013
[2006/05/21 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\AVG7
[2006/05/19 18:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\BullGuard
[2009/03/29 13:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\com.zipeg
[2008/07/03 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Cycling '74
[2009/03/29 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\data
[2006/09/24 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Ice Age 2 Demo
[2008/01/27 14:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\ImageBadger
[2008/04/17 07:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Leadertech
[2008/07/04 15:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\MAGIX
[2007/12/27 17:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Mattel
[2008/12/22 18:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\NCH Swift Sound
[2009/10/15 08:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\SuperDonate
[2006/09/12 17:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Template
[2012/10/18 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\TuneUp Software
[2006/05/27 10:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Ulead Systems

========== Purity Check ==========
 
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/07/28 15:35:12 | 005,922,952 | ---- | M] (Hewlett Packard) -- C:\640-enu-xpinfu.exe
[2009/01/01 13:23:39 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2012/10/29 21:47:23 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/10/30 19:34:48 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012/10/30 21:09:00 | 000,031,739 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2012/10/30 21:15:56 | 000,002,072 | ---- | M] () -- C:\AdwCleaner[R4].txt
[2012/10/30 21:16:33 | 000,002,072 | ---- | M] () -- C:\AdwCleaner[R5].txt
[2012/10/30 21:11:47 | 000,031,779 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/10/30 21:14:05 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2012/10/30 21:15:13 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2012/10/30 21:16:19 | 000,002,093 | ---- | M] () -- C:\AdwCleaner[S4].txt
[2005/11/25 09:00:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/06/19 16:48:58 | 012,242,639 | ---- | M] () -- C:\AVG7QT.DAT
[2010/08/01 00:39:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2005/11/25 09:00:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/17 14:52:45 | 000,002,956 | ---- | M] () -- C:\dd.jpg
[2010/10/29 17:14:05 | 000,000,144 | ---- | M] () -- C:\error.log
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2006/07/28 14:04:40 | 000,024,576 | ---- | M] () -- C:\igBrowse.exe
[2006/09/19 16:19:16 | 000,000,486 | ---- | M] () -- C:\igLoader_Log.txt
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/11/25 09:00:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/10/05 16:46:03 | 000,000,846 | ---- | M] () -- C:\LogFile.log
[2010/10/29 17:14:05 | 000,015,843 | ---- | M] () -- C:\menu.log
[2005/11/25 09:00:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/08/10 12:41:52 | 000,026,624 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/30 22:49:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/10/31 12:06:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/02/14 16:35:37 | 000,051,891 | ---- | M] () -- C:\playground.log
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012/10/17 19:21:08 | 000,001,064 | ---- | M] () -- C:\VETlog.txt
[2006/07/28 15:23:39 | 013,706,152 | ---- | M] () -- C:\zlsSetup_65_731_000_en.exe
[7 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/10/08 20:45:06 | 000,059,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\8b780ee2e5d8e336.sys
[2006/04/13 00:04:39 | 000,021,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2004/08/03 21:41:48 | 000,220,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:50 | 000,685,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:56 | 001,041,536 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2004/09/29 22:35:30 | 000,219,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys
[2004/09/29 22:34:24 | 000,702,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2004/09/29 22:33:50 | 001,036,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\HSF_DP.sys
[2009/10/20 16:20:16 | 000,265,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 18:41:22 | 000,008,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i2omgmt.sys
[2008/04/13 18:41:22 | 000,018,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i2omp.sys
[2008/04/13 19:18:00 | 000,052,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004/04/20 10:13:00 | 000,472,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/04/13 18:40:58 | 000,042,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\imapi.sys
[2001/08/17 13:52:08 | 000,016,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ini910u.sys
[2008/04/13 18:40:29 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 18:31:32 | 000,036,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 18:53:34 | 000,036,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/04 12:00:00 | 000,032,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 18:57:07 | 000,020,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 18:57:15 | 000,152,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 19:19:42 | 000,075,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 18:54:28 | 000,011,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 18:36:41 | 000,037,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 18:39:47 | 000,024,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 18:45:09 | 000,172,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 19:16:36 | 000,141,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 11:18:41 | 000,092,928 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2005/02/05 07:00:00 | 000,085,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\m5287.sys
[2004/12/01 10:49:00 | 000,051,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\m5289.sys
[2004/08/04 12:00:00 | 000,007,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/03/17 19:04:14 | 000,013,059 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 18:36:41 | 000,063,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/04 12:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 19:00:19 | 000,030,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\modem.sys
[2001/08/17 12:57:38 | 000,016,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MODEMCSA.sys
[2008/04/13 18:39:47 | 000,023,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 18:39:46 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2001/08/17 13:52:12 | 000,017,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mraid35x.sys
[2008/04/13 18:32:44 | 000,180,608 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011/07/15 13:29:31 | 000,456,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 18:46:09 | 000,051,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msdv.sys
[2008/04/13 18:32:39 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 18:56:32 | 000,035,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 18:39:52 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2001/08/17 13:00:04 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\msmpu401.sys
[2008/04/13 18:39:50 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 18:39:51 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 18:36:46 | 000,015,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 18:39:50 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 21:41:40 | 000,126,686 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:38 | 001,309,184 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:38 | 000,452,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2011/04/21 13:37:43 | 000,105,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 18:43:55 | 000,012,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 18:46:25 | 000,085,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 19:20:37 | 000,182,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 18:46:22 | 000,010,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisip.sys
[2011/07/08 14:02:00 | 000,010,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 18:55:58 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 19:20:42 | 000,091,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010/11/02 15:17:02 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 18:56:02 | 000,034,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 19:21:00 | 000,162,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 18:51:25 | 000,061,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 18:53:09 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nmnt.sys
[2003/04/04 14:07:20 | 000,030,336 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npf.sys
[2008/04/13 18:32:39 | 000,030,848 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 19:15:53 | 000,574,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:40 | 000,180,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/04 12:00:00 | 000,002,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/03 21:29:56 | 001,897,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005/07/26 06:01:56 | 000,415,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvapu.sys
[2005/07/26 06:02:36 | 000,066,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvarm.sys
[2005/07/26 05:58:30 | 000,053,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvax.sys
[2006/04/14 19:09:04 | 000,034,176 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2005/07/26 06:02:38 | 000,923,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvmcp.sys
[2006/04/14 19:09:06 | 000,013,056 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2006/04/14 19:08:46 | 000,305,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2006/04/14 19:08:32 | 000,222,720 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2004/08/04 12:00:00 | 000,012,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/04 12:00:00 | 000,032,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 18:56:06 | 000,088,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/04 12:00:00 | 000,063,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/04 12:00:00 | 000,055,936 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 18:46:18 | 000,061,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004/08/04 12:00:00 | 000,003,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2003/04/29 00:31:18 | 000,051,169 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\OXSER.SYS
[2004/09/02 09:02:44 | 001,475,328 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p2usbwdm.sys
[2008/04/13 18:31:31 | 000,042,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 18:40:10 | 000,080,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 18:40:49 | 000,019,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/04 12:00:00 | 000,006,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 18:36:44 | 000,068,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 13:51:52 | 000,003,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 18:40:29 | 000,024,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 18:36:43 | 000,120,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2001/08/17 14:07:40 | 000,027,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\perc2.sys
[2001/08/17 14:07:42 | 000,005,504 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\perc2hib.sys
[2010/07/17 02:34:34 | 000,137,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2008/04/13 19:19:41 | 000,146,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 18:31:30 | 000,035,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 18:56:38 | 000,069,120 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/04 12:00:00 | 000,017,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ptilink.sys
[2010/03/31 01:58:04 | 000,044,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2001/08/17 13:52:20 | 000,040,320 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1080.sys
[2001/08/17 13:52:16 | 000,033,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql10wnt.sys
[2001/08/17 13:52:20 | 000,045,312 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql12160.sys
[2001/08/17 13:52:16 | 000,040,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1240.sys
[2001/08/17 13:52:18 | 000,049,024 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ql1280.sys
[2004/08/04 12:00:00 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 19:19:43 | 000,051,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 18:57:32 | 000,041,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 19:19:48 | 000,048,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/04 12:00:00 | 000,016,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/04 12:00:00 | 000,034,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 19:28:39 | 000,175,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 12:00:00 | 000,004,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 18:32:51 | 000,196,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2012/05/02 13:46:36 | 000,139,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:40 | 000,013,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 18:40:27 | 000,057,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 18:46:32 | 000,059,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 14:02:52 | 000,203,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 18:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 18:56:49 | 000,030,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/04 12:00:00 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2010/05/27 13:52:12 | 000,829,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rt2870.sys
[2009/06/12 17:21:40 | 000,500,096 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rt61.sys
[2004/08/03 21:29:52 | 000,166,912 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 18:40:30 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2009/04/21 14:31:10 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Scutum50.sys
[2008/04/13 18:36:44 | 000,079,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 10:25:53 | 000,020,480 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 18:40:12 | 000,015,744 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 19:15:45 | 000,064,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 18:40:47 | 000,011,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 18:40:48 | 000,010,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 18:40:47 | 000,011,008 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 18:40:48 | 000,011,392 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2004/02/11 12:29:34 | 000,048,076 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Sio9502k.sys
[2008/04/13 18:36:39 | 000,040,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sisagp.sys
[2004/03/23 09:26:22 | 000,048,556 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SktBt2k.sys
[2008/04/13 18:46:23 | 000,011,136 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 21:41:42 | 000,129,535 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:44 | 000,404,990 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:46 | 000,095,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:46 | 000,013,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 18:36:34 | 000,005,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/04 12:00:00 | 000,014,592 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 18:46:07 | 000,025,344 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/11/05 08:23:14 | 000,006,097 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcb.sys
[2001/11/05 08:23:20 | 000,038,739 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcc.sys
[2001/11/05 08:23:52 | 000,299,923 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonyhcs.sys
[2002/10/15 21:41:06 | 000,102,220 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sonypvs1.sys
[2001/08/17 12:56:16 | 000,007,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS
[2001/08/17 14:07:44 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sparrow.sys
[2008/04/13 18:45:07 | 000,006,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 18:36:52 | 000,073,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sr.sys
[2011/02/17 13:18:03 | 000,357,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\srv.sys
[2008/04/13 18:45:15 | 000,049,408 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 18:46:21 | 000,015,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 18:39:53 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 18:45:09 | 000,056,576 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 14:07:34 | 000,016,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\symc810.sys
[2001/08/17 14:07:36 | 000,032,640 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\symc8xx.sys
[2001/08/17 14:07:40 | 000,028,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sym_hi.sys
[2001/08/17 14:07:42 | 000,030,688 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sym_u3.sys
[2008/04/13 19:15:55 | 000,060,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 18:40:50 | 000,014,976 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 11:51:12 | 000,361,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 12:02:15 | 000,226,880 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 19:00:05 | 000,019,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/14 00:13:20 | 000,012,040 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/14 00:13:21 | 000,021,896 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/14 00:13:20 | 000,040,840 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 12:00:00 | 000,051,712 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2001/08/17 13:51:56 | 000,004,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\toside.sys
[2004/08/04 12:00:00 | 000,021,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 18:56:01 | 000,012,288 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 18:36:40 | 000,044,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 18:32:36 | 000,066,048 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\udfs.sys
[2001/08/17 13:52:22 | 000,036,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ultra.sys
[2008/04/13 18:39:46 | 000,384,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 18:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 18:56:49 | 000,012,800 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/04/13 18:45:40 | 000,025,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 18:45:41 | 000,025,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 18:45:39 | 000,032,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2001/08/17 13:03:02 | 000,004,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 18:45:35 | 000,030,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 18:45:37 | 000,059,520 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 18:45:43 | 000,015,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2001/05/07 10:56:02 | 000,019,805 | R--- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbio.sys
[2008/04/13 18:45:35 | 000,017,152 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 18:45:36 | 000,143,872 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 18:47:37 | 000,025,856 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 18:45:34 | 000,015,104 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 18:46:20 | 000,121,984 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2010/06/26 12:43:26 | 000,102,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys
[2005/07/30 06:21:32 | 000,011,988 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vbtenum.sys
[2004/10/19 12:37:38 | 000,061,312 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VComm.sys
[2006/02/28 15:57:22 | 000,084,836 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VcommMgr.sys
[2004/08/04 12:00:00 | 000,058,112 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 18:44:40 | 000,020,992 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vga.sys
[2005/07/29 15:21:48 | 000,011,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\VHIDMini.sys
[2008/04/13 18:36:40 | 000,042,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 18:40:31 | 000,005,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viaide.sys
[2004/03/29 12:45:00 | 000,073,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\viamraid.sys
[2008/04/13 18:44:40 | 000,081,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 18:41:01 | 000,052,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 18:43:55 | 000,014,208 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:40 | 000,011,807 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:40 | 000,011,295 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:42 | 000,011,871 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:42 | 000,011,935 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 18:57:21 | 000,034,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 21:29:46 | 000,022,271 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:46 | 000,025,471 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 19:17:18 | 000,083,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 12:00:00 | 000,004,352 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wmilib.sys
[2004/08/04 12:00:00 | 000,012,032 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2003/07/04 01:58:34 | 000,063,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wssbtr1f.sys
[2008/04/13 18:46:24 | 000,019,200 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 18:55:50 | 000,077,568 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2005/08/17 13:43:26 | 000,329,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ZD1211BU.SYS
[2004/10/25 12:40:58 | 000,017,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ZDPSp50.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2012/05/04 12:32:19 | 002,026,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ntkrnlpa.exe
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2005/11/25 08:53:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/11/25 08:53:37 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/11/25 08:53:37 | 000,868,352 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >
[2006/06/18 16:42:58 | 000,299,078 | ---- | M] () -- C:\Program Files\10131610.cab
[2006/06/18 16:01:15 | 007,914,851 | ---- | M] () -- C:\Program Files\Christmas Pinball.exe
[2006/06/18 15:56:12 | 000,863,616 | ---- | M] () -- C:\Program Files\Epic Pinball.zip
[2006/06/17 17:56:55 | 002,053,688 | ---- | M] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2006/06/15 15:29:32 | 037,311,488 | ---- | M] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2006/06/18 16:14:10 | 001,002,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\JournalViewer1.5_KB886179_ENU.exe
[2006/06/15 15:37:24 | 017,357,552 | ---- | M] (The LEGO Group) -- C:\Program Files\Lego Designer.exe
[2006/06/18 16:13:20 | 002,931,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE
[2006/06/18 16:22:42 | 001,638,400 | ---- | M] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi
[2006/06/18 16:23:47 | 006,571,008 | ---- | M] () -- C:\Program Files\Nile_Theme_EN.msi
[2006/06/15 16:12:21 | 001,062,523 | ---- | M] () -- C:\Program Files\Peps Football Pinball Game.zip
[2006/06/18 16:24:58 | 000,163,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe
[2006/06/18 16:11:19 | 001,389,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe
[2006/06/18 16:09:55 | 000,330,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe
[2006/06/18 16:10:48 | 000,480,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE
[2006/06/18 16:18:42 | 005,566,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\vviewer.exe
[2006/06/18 16:16:00 | 002,176,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows-KB890830-V1.17.exe
[2006/06/18 16:26:51 | 000,518,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB884020-x86-enu.exe
[2006/06/18 16:15:14 | 004,659,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB908531-v2-x86-ENU.exe
[2006/06/18 16:19:59 | 003,830,526 | ---- | M] () -- C:\Program Files\WM Components 2.0.2.dmg
[2006/06/15 16:29:15 | 024,070,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/25 18:12:27 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/25 18:12:28 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 10:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 11:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/01/29 14:08:38 | 003,583,272 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029666E0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


< End of report >
 