
Thread: about .blank

  1. #11
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    Please run the scans requested in my previous post (MGADiag, CKScanner and WVCheck) and provide the logs in your reply.

    mambass
    Graduate of Malware Removal University - You too could train to help others

  2. #12
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-KVMH8-G4HV6-H8YFJ
    Windows Product Key Hash: H5rDjxMGPk05nzMyD0gCE1hoIFU=
    Windows Product ID: 76477-OEM-2160032-12871
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {2F4DD347-B443-490D-8C04-03DE62D7A2E5}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: 1.7.105.35
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: 100
    Version: 1.7.105.35
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional 2007 - 100 Genuine
    OGA Version: Registered, 1.7.105.35
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2F4DD347-B443-490D-8C04-03DE62D7A2E5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-H8YFJ</PKey><PID>76477-OEM-2160032-12871</PID><PIDType>3</PIDType><SID>S-1-5-21-1547161642-2111687655-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1001.026</Version><SMBIOSVersion major="2" minor="3"/><Date>20050224000000.000000+000</Date></BIOS><HWID>2B873AD70184A07D</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>2C3F4CA0208F77A</Val><Hash>pDEyh9epmLDwbUC5JfSsF6x8KUc=</Hash><Pid>81605-957-5155302-65618</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1753B:GENUINE C&C INC
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A

  3. #13
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.ZZ.11.GKAPST
    ----- EOF -----

  4. #14
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1049_15-12-2011
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 3
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2011-12-14 04:28:01
    Last Success Time for Update Download: 2011-11-10 18:52:56
    Last Success Time for Update Installation: 2011-11-10 21:27:17


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


    -------- End of File, program close at 1059_15-12-2011 --------

  5. #15
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    Thank you for the logs.

    Registry Cleaners

    Re. Registrar Registry Manager, RegZooka and RegistryBooster

    I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:
    Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
    I believe that you will find this post by Bill Castner to be very informative: WhatTheTech Forum


    We're going to be doing a lot of work in this post. Just execute the steps in the order given and it won't be too difficult. After the computer reboots at the end of the last step, please determine whether you are still experiencing problems with your computer and report your findings in your reply.

    Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

    1. A few more questions
      1. When a new Internet Explorer window first appears and the display area is blank before the page you were viewing appears, do you see "about:blank" in the address area near the top of the window?
      2. Do new windows appear when you are
        1. Typing?
        2. Using the mouse?
        3. Doing nothing (i.e., you are not using the keyboard or mouse)?
      3. If you have any browsers installed other than Internet Explorer could you please see if they exhibit similar behavior and report back?
      4. I noticed entries in your log indicating that restrictions exist concerning your ability to make changes to certain Internet Explorer settings and/or access certain Internet Explorer features. These could have been added by security software that you may have installed or they could have been added by malware. Could you please let me know if you wish to retain those restrictions or if you would like to have them removed?


    2. Backup Your Registry with ERUNT
      You already appear to have ERUNT on your computer. Please run it.
      OK all the prompts to back up your registry to the default location.
      Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
      (The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)

    3. Download the OTL fix file to be used later
      Right-click on the attachment link at the bottom of this page, select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
      This file must be saved to your Desktop as fix.txt.

    4. Uninstall PunkBuster
      1. Please click here to download the PBSVC Setup Program and save it to your Desktop.
      2. Double click on pbsvc.exe to start it... then click Uninstall.
        Once that's finished...
      3. Click Start > Run and copy and paste the following into the open text box:
        Code:
        cmd /c for %i in (A B K) do sc delete PnkBstr%i
      4. Click OK. A black box will flash very briefly. This is normal.


    5. Remove Programs Using Control Panel
      From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
      Highlight each entry, as follows, one by one, if it exists, and choose Remove:

      Conduit Engine
      DVDVideoSoftTB Toolbar
      IObit Security 360
      Registrar Registry Manager 6.52
      RegZooka

      Take extra care in answering questions posed by any Uninstaller.

    6. Reboot (restart) your computer

    7. Run an OTL fix
      • Double Click the OTL icon on your Desktop
      • Click the Run Fix button at the top.
      • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
      • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
      • Some text will appear in the Custom scans/Fixes box.
      • Click the Run Fix button.
      • Let the program run unhindered and reboot the PC when it is done.
        When the computer Reboots, and you start your usual account, a Notepad text file will appear.
      • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

        If no log then please look in the C:\_OTL\MovedFiles folder for a file whose filename format is MMDDYYY_HHMMSS.log based on the date/time OTL was run.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The answers to my questions.
    3. The contents of the OTL.txt log.
    4. A description of how your computer is running and any Malware symptoms that are still present.



    mambass
    Graduate of Malware Removal University - You too could train to help others

  6. #16
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Error: No service named IS360service was found to stop!
    Service\Driver key IS360service not found.
    File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
    File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\ptcnztbc.tcnz\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET1FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET20B.tmp deleted successfully.
    C:\WINDOWS\System32\SET253.tmp deleted successfully.
    C:\WINDOWS\002578_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\drivers\OLD92.tmp deleted successfully.
    ========== FILES ==========
    File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager not found.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\setup folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\logs folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\Themes folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\History folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner\Themes folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\xml\data folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\xml folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\themes folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\overlays folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\FrostWire folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit\SmartRAM folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit\InternetBooster folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare folder moved successfully.
    C:\Documents and Settings\Harrison\Application Data\IObit folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Update folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Quarantine Zone folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\log\Scan folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\log folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Downloaded folder moved successfully.
    C:\Program Files\IObit\IObit Security 360 folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
    C:\Program Files\IObit folder moved successfully.
    File\Folder C:\Program Files\DVDVideoSoftTB not found.
    File\Folder C:\Program Files\ConduitEngine not found.
    c:\program files\Registrar Registry Manager folder moved successfully.
    c:\program files\RegZooka\Logs folder moved successfully.
    c:\program files\RegZooka\Backups folder moved successfully.
    c:\program files\RegZooka folder moved successfully.
    C:\WINDOWS\System32\rrMon.sys moved successfully.
    File\Folder C:\WINDOWS\System32\rrsec.dll not found.
    File\Folder C:\WINDOWS\System32\rrsec2k.exe not found.
    File\Folder C:\WINDOWS\System32\drivers\PnkBstrK.sys not found.
    File\Folder C:\WINDOWS\System32\PnkBstrB.exe not found.
    File\Folder C:\WINDOWS\System32\PnkBstrA.exe not found.
    File\Folder C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 12162011_155243

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
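
Added example (not part of the thread and not OTL's own code): a small Python triage of a fix log like the one in post #16, separating the items the fix actually deleted or moved from those that were already absent when it ran. The outcome labels and function names are this example's own, and the sample lines are copied from that log.

```python
import re
from collections import Counter

# Sample lines copied from the fix log in post #16 (a short selection).
SAMPLE_LOG = r"""
========== OTL ==========
Error: No service named IS360service was found to stop!
Service\Driver key IS360service not found.
File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
========== FILES ==========
C:\Program Files\IObit folder moved successfully.
File\Folder C:\Program Files\ConduitEngine not found.
C:\WINDOWS\System32\rrMon.sys moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
"""

# Line endings seen in the log, mapped to labels chosen for this example.
OUTCOMES = [
    (" deleted successfully.", "removed"),
    (" moved successfully.", "moved"),
    (" not found.", "absent"),
]

# Object-type prefixes seen in the log. The longer "File\Folder " prefix is
# listed before "File " so that it is matched first.
PREFIXES = [
    (r"Service\Driver key ", "service key"),
    ("Registry value ", "registry value"),
    ("Registry key ", "registry key"),
    (r"File\Folder ", "file/folder"),
    ("File ", "file"),
]

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def classify(line):
    """Return (outcome, body) for one log line."""
    if line.startswith("Error:"):
        return "error", line[len("Error:"):].strip()
    for suffix, outcome in OUTCOMES:
        if line.endswith(suffix):
            return outcome, line[: -len(suffix)]
    return "other", line


def split_kind(body):
    """Return (kind, target) by peeling the object-type prefix off the body."""
    for prefix, kind in PREFIXES:
        if body.startswith(prefix):
            return kind, body[len(prefix):]
    if DRIVE_PATH_RE.match(body):
        # Lines that start with a bare path: a trailing " folder" marks a directory.
        if body.endswith(" folder"):
            return "folder", body[: -len(" folder")]
        return "file", body
    return "unknown", body


def parse_fix_log(text):
    """Parse the log into entries: section, kind, target, outcome."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        outcome, body = classify(line)
        if outcome in ("removed", "moved", "absent"):
            kind, target = split_kind(body)
        else:
            kind, target = "n/a", body
        entries.append({"section": section, "kind": kind,
                        "target": target, "outcome": outcome})
    return entries


def summarize(entries):
    """Count entries per outcome label."""
    return Counter(e["outcome"] for e in entries)


def acted_on(entries):
    """Entries the fix changed, i.e. items still present when it ran."""
    return [e for e in entries if e["outcome"] in ("removed", "moved")]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for e in acted_on(parsed):
        print(f'{e["section"]:<8} {e["outcome"]:<8} {e["kind"]:<15} {e["target"]}')
```

An "absent" line means only that the target was not there when the fix ran; the "removed" and "moved" lines are the ones that record a change to the system.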

  7. #17
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Answers to questions

    1. Yes, about.blank, then to the web page I had just closed

    2. Windows re-open after I close a window

    3. No other browser

    4. No reason to retain something I have no idea what it does. If there's a chance it's malware I would appreciate your help in removing it.

    Thank you, your help is greatly appreciated

  8. #18
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    1. Perform a Custom Fix with OTL
      • Double-click the OTL icon on your Desktop to run the program.
      • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
        Code:
        :OTL
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
        O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
        O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
        O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
        O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
        O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
        
        :Commands
        [CREATERESTOREPOINT]
        [REBOOT]
      • Then click the Run Fix button at the top.
      • Let the program run unhindered and reboot the PC when it is done.
      • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    2. Run an aswMBR scan
      • Please click here to download aswMBR and save it to your Desktop.
      • Double click the aswMBR.exe icon on your Desktop to run it.
      • Click No if asked "Would you like to download latest Avast! Virus definitions?"
      • Click the Scan button.
      • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
      • Click OK
      • Two files will be created, aswMBR.txt & a file named MBR.dat
      • Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot record). Do not delete this file.
      • NOTE: Do not click to fix anything at this stage!
      • Click EXIT.
      • Copy & Paste the contents of aswMBR.txt into your next reply.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The contents of the OTL.txt log.
    3. The contents of the aswMBR.txt log.
    4. Please let me know if you are still experiencing problems.



    mambass
    Graduate of Malware Removal University - You too could train to help others

  9. #19
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    OTL logfile created on: 18/12/2011 12:51:42 p.m. - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop\repair
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.35% Memory free
    2.85 Gb Paging File | 2.41 Gb Available in Paging File | 84.50% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 27.42 Gb Free Space | 36.80% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 465.76 Gb Total Space | 170.44 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 23.49 Gb Free Space | 15.76% Space Free | Partition Type: NTFS

    Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\repair\OTL.exe
    PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
    PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
    PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
    SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
    DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/15 09:23:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]

    [2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
    [2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! Search ()
    CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15063 more lines...
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
    O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/16 15:52:43 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/16 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\drivers
    [2011/12/15 19:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
    [2011/12/15 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
    [2011/12/15 19:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
    [2011/12/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\repair
    [2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
    [2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
    [2011/12/18 12:41:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/18 12:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/18 12:38:10 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/18 11:50:40 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/12/16 13:34:42 | 000,009,387 | ---- | M] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
    [2011/12/16 07:59:35 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/15 21:39:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/15 19:26:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/12/15 10:30:21 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/14 18:28:40 | 000,271,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg

    ========== Files Created - No Company Name ==========

    [2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
    [2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
    [2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
    [2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
    [2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
    [2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
    [2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
    [2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
    [2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
    [2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
    [2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
    [2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
    [2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
    [2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
    [2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
    [2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
    [2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
    [2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/12/15 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/12/18 11:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
    [2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
    [2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
    [2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
    [2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
    [2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
    [2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/15 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
    [2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
    [2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
    [2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
    [2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
    [2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
    [2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
    [2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
    [2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
    [2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
    [2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
    [2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
    [2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
    [2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
    [2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
    [2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
    [2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
    [2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job

    ========== Purity Check ==========



    < End of report >

  10. #20
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Default

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-18 13:11:36
    -----------------------------
    13:11:36.906 OS Version: Windows 5.1.2600 Service Pack 3
    13:11:36.906 Number of processors: 2 586 0x401
    13:11:36.906 ComputerName: PC-ED35CABDA717 UserName: Harrison
    13:11:39.625 Initialize success
    13:12:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:12:09.781 Disk 0 Vendor: WDC_WD800BB-00JHA0 05.01C05 Size: 76319MB BusType: 3
    13:12:09.812 Disk 0 MBR read successfully
    13:12:09.812 Disk 0 MBR scan
    13:12:09.812 Disk 0 Windows XP default MBR code
    13:12:09.828 Disk 0 scanning sectors +156280320
    13:12:09.921 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:12:32.343 Service scanning
    13:12:35.468 Modules scanning
    13:12:56.765 Disk 0 trace - called modules:
    13:12:56.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    13:12:56.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a562ab8]
    13:12:56.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a5c4210]
    13:12:56.796 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c3940]
    13:12:56.796 Scan finished successfully
    13:14:24.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\MBR.dat"
    13:14:24.843 The log file has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\aswMBR.txt"
