
Thread: about .blank

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    about .blank

    Help please.
    Have run full scans with Malwarebytes, Spybot and AVG.



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Harrison at 21:58:35 on 2011-12-03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1698 [GMT 13:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\afasrv32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\tcnz\McciTrayApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://nz.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [tcnz_McciTrayApp] c:\program files\tcnz\McciTrayApp.exe
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\harrison\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: motive.com\ptcnztbc.tcnz
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    S3 cpuz132;cpuz132;\??\c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2008-12-12 23552]
    S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [2009-4-14 31104]
    .
    =============== Created Last 30 ================
    .
    2011-12-03 00:32:54 32824 ----a-w- c:\windows\system32\rrMon.sys
    2011-12-03 00:32:48 -------- d-----w- c:\program files\Registrar Registry Manager
    2011-11-20 19:15:26 -------- d-----w- c:\program files\Ghost Mouse Auto Clicker
    2011-11-14 17:53:51 -------- d-----w- c:\documents and settings\all users\application data\DVD-Cloner
    2011-11-14 17:53:46 -------- d-----w- c:\documents and settings\harrison\application data\DVD-Cloner
    2011-11-14 17:53:43 -------- d-----w- c:\program files\DVD-Cloner
    2011-11-13 08:15:19 -------- d-----w- c:\documents and settings\harrison\local settings\application data\WMTools Downloaded Files
    2011-11-10 01:37:54 -------- d-----w- c:\windows\system32\cache
    .
    ==================== Find3M ====================
    .
    2011-11-15 18:37:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-06 17:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-03 17:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-25 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-25 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-25 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-12 17:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 22:01:49.00 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    Welcome to Safer-Networking's Malware Removal forum.

    My nickname is mambass and I'll be helping you with any malware problems.

    Before we begin...please read and follow these important guidelines so things will proceed smoothly.

    1. If you haven't done so already, please read the topic BEFORE You POST where the conditions for receiving help here are explained.
    2. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    3. Please read all instructions carefully before executing them and perform the steps in the order given.
      If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
    4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
    5. You must have Administrator rights permissions for this computer.
    6. DO NOT run any other fix or removal tools unless instructed to do so!
    7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
    9. Only reply to this thread. Do not start another thread.
    10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
    11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
    12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
    13. The logs I request can take a while to research so please be patient.
    14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.
    Because of this I advise you to backup any personal files and folders before you start.

    How to back up or transfer your data on a Windows-based computer

    -----------------------------------------------------------

    I am currently reviewing your log and will return as soon as possible with additional instructions.

    Thanks,

    mambass
    Graduate of Malware Removal University - You too could train to help others

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Thanks for your help

  4. #4
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    "Thanks for your help"
    You're welcome.

    1. Punkbuster warning
      I see you have Punkbuster installed (read the section on Published features). This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
      • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
      • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
      • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function. If you choose this option then please mention that in your reply and you can ignore the remaining steps below.

      Please let me know what you would like to do.

    2. Description of problems
      Please provide a description of the problems you are experiencing that have brought you here. The description does not need to be technically detailed but, if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful and you should include them.

    3. Run a Scan with OTL
      • Please download OTL by OldTimer and save it to your desktop.
      • Double click on the OTL icon on your Desktop to run it.
      • Check the boxes labeled:
        • Scan All Users
        • LOP check
        • Purity check
        • Extra Registry > Use SafeList
      • Make sure all other windows are closed to let it run uninterrupted.
      • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.

      When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
      The Extras.txt file will only appear the very first time you run OTL.
      Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    4. Run a scan with GMER
      • Please download the GMER Rootkit Scanner from here.
      • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
      • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
      • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • IAT/EAT
        • Drives/Partition other than the System drive (which is typically C:\)
        • Show All (don't miss this one)

      • Then click the Scan button & wait for it to finish
        **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
      • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
      • Save it where you can easily find it, such as your desktop, and post it in your next reply

      Note: Do not run any other programs while Gmer is running.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. Your decision concerning cleaning your system given PunkBuster is installed.
    3. A description of the problems you are experiencing with this computer.
    4. The contents of the OTL.txt and Extras.txt logs.
    5. The contents of the Gmer.txt log.
    6. After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.



    mambass
    Graduate of Malware Removal University - You too could train to help others

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    mambass


    Would like to remove Punkbuster. Don't know when or how it was installed on system.

    Problem is that when I close and sometimes open a window with Explorer, about.blank starts loading pages.






    OTL logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
    2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

    Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
    PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
    PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
    SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
    DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 08:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]

    [2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
    [2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! Search ()
    CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 15063 more lines...
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/10 10:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    [2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/12/03 13:32:54 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
    [2011/12/03 13:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager
    [2011/12/03 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
    [2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
    [2011/11/16 08:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\I'm with You [Limited Edition]
    [2011/11/15 06:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
    [2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
    [2011/11/15 06:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
    [2011/11/13 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Local Settings\Application Data\WMTools Downloaded Files
    [2011/11/10 14:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
    [2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
    [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    [2011/12/10 10:04:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
    [2011/12/10 09:38:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/10 09:25:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/10 09:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/10 09:22:04 | 111,718,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/12/09 19:55:01 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/04 18:52:08 | 000,250,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/03 18:42:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/11/22 08:25:25 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/11/20 20:08:56 | 000,437,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/16 07:37:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/11/13 22:42:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/13 22:08:01 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/13 20:39:15 | 000,013,747 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
    [2011/11/13 19:38:54 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/10 10:04:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
    [2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/03 13:32:49 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
    [2011/12/03 13:32:49 | 000,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
    [2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/11/13 20:41:31 | 000,013,747 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
    [2011/11/13 19:38:54 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
    [2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
    [2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
    [2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
    [2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
    [2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
    [2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
    [2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
    [2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
    [2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
    [2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/12/24 09:49:07 | 000,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/12/24 09:48:59 | 000,189,672 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/12/24 09:48:51 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
    [2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
    [2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
    [2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
    [2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
    [2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
    [2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
    [2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
    [2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/12/10 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
    [2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
    [2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
    [2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
    [2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
    [2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
    [2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
    [2011/10/20 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft
    [2011/03/07 15:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers
    [2010/02/12 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FrostWire
    [2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
    [2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
    [2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
    [2011/02/07 18:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\IObit
    [2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
    [2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
    [2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
    [2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
    [2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
    [2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
    [2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
    [2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
    [2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
    [2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
    [2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
    [2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
    [2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
    [2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job

    ========== Purity Check ==========



    < End of report >

  6. #6
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    OTL Extras logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
    2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

    Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
    "{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
    "{1935BDD9-9F57-4BF6-AE59-ED07860D33EE}_is1" = Ghost Mouse Auto Clicker 3.3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
    "{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
    "{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
    "{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
    "{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
    "{336091F7-459B-48D1-A6EB-04E4A9D727EB}" = TR150-Call Center
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
    "{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
    "{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
    "{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
    "{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
    "{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
    "{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
    "{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
    "{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
    "{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
    "{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
    "{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
    "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
    "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
    "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    "Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires" = Microsoft Age of Empires
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2012
    "AVG Secure Search" = AVG Security Toolbar
    "Card Icon Program_is1" = Card Icon Program 1.2
    "conduitEngine" = Conduit Engine
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-Cloner 8_is1" = DVD-Cloner V8.70 Build 1016
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "ERUNT_is1" = ERUNT 1.1j
    "Federal 2010 Ammunition" = Federal 2010 Ammunition
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
    "HijackThis" = HijackThis 1.99.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
    "IObit Security 360_is1" = IObit Security 360
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "Photodex Presenter" = Photodex Presenter
    "Picasa 3" = Picasa 3
    "Planescape - Torment" = Planescape - Torment
    "PROR" = Microsoft Office Professional 2007
    "Registrar_is1" = Registrar Registry Manager 6.52
    "RegZooka" = RegZooka
    "Starcraft" = Starcraft
    "Steam App 240" = Counter-Strike: Source
    "Tag&Rename_is1" = Tag&Rename 3.1.7
    "Telecom Help Assistant" = Telecom Help Assistant
    "Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VideoLAN VLC media player 0.8.1
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SOE-Clone Wars" = Clone Wars

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 6/11/2011 3:29:27 a.m. | Computer Name = PC-ED35CABDA717 | Source = IS360service | ID = 0
    Description =

    Error - 9/11/2011 4:46:28 a.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 9/11/2011 4:19:03 p.m. | Computer Name = PC-ED35CABDA717 | Source = .NET Runtime | ID = 1023
    Description = .NET Runtime version 2.0.50727.3625 - Fatal Execution Engine Error
    (7A0BC59E) (80131506)

    Error - 11/11/2011 12:20:30 a.m. | Computer Name = PC-ED35CABDA717 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module SPhoneParser.dll, version 1.0.1.184, fault address 0x00077316.

    Error - 17/11/2011 4:10:23 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 20/11/2011 6:45:22 p.m. | Computer Name = PC-ED35CABDA717 | Source = EventSystem | ID = 4618
    Description = The COM+ Event System raised an unexpected access violation at address
    0x7C91072F, attempting to access address 0x00165195. Please contact Microsoft
    Product Support Services to report this error. ntdll!wcsncpy+0x1b0 ntdll!wcsncpy+0x2cd
    ole32!ComPs_NdrDllCanUnloadNow+0xdb
    ole32!CoTaskMemFree+0x13
    es!DllGetClassObject+0x4e5d
    es!DllGetClassObject+0x687b
    sens!+0x3352
    sens!+0x31a7
    ole32!FreePropVariantArray+0x7be
    es!+0x109f3
    es!+0x10d95
    es!+0x294a1
    es!+0x29519
    ole32!FreePropVariantArray+0x7be
    es!+0xe884
    es!+0x12a86
    es!+0x12b10
    ole32!FreePropVariantArray+0x6fb
    ole32!FreePropVariantArray+0x5de
    es!+0x2b0b1
    es!+0x2b394
    es!+0x2b4d8
    kernel32!GetModuleFileNameA+0x1ba

    Error - 20/11/2011 6:45:39 p.m. | Computer Name = PC-ED35CABDA717 | Source = WinMgmt | ID = 24
    Description = Event provider attempted to register query "select * from __InstanceOperationEvent"
    whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

    Error - 21/11/2011 4:39:11 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    [ OSession Events ]
    Error - 17/12/2009 1:59:34 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 720
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 22/02/2010 3:53:53 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/03/2010 4:30:06 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10871
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 9/10/2010 6:08:32 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2/11/2010 3:45:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 15/01/2011 9:14:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 23/03/2011 2:51:04 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5465
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 9/07/2011 8:30:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3802
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 20/07/2011 11:59:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10201
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 11/09/2011 3:02:35 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8835
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/11/2011 4:22:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 9/11/2011 5:36:45 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 9/11/2011 5:36:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:40:48 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:40:52 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:42:24 a.m. | Computer Name = PC-ED35CABDA717 | Source = DCOM | ID = 10010
    Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
    with DCOM within the required timeout.

    Error - 10/11/2011 2:49:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 2:49:21 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 5:39:35 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 5:39:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.


    < End of report >

  7. #7
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-10 19:22:15
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00JHA0 rev.05.01C05
    Running: bq5tr07d.exe; Driver: C:\DOCUME~1\Harrison\LOCALS~1\Temp\awlcypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAE419F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAE419FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAE41A080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAE41A11C]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02130001
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
    .text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01670001
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04A90001
    .text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012F0001
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
    .text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2728] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10090400000000000F01FEC\Usage@OutlookMAPI2Intl_1033 1066017040
    Reg HKLM\SOFTWARE\Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\DataFormats\DefaultFi˙e@ MSPresentation
    Reg HKLM\SOFTWARE\Classes\Interface\{AD194525-6E01-4BCA-929C-23C7383336AF}\ProxyStub

    ---- EOF - GMER 1.0.15 ----

  8. #8
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Hi Neil,

    1. I have a few questions
      Problem is that when I close and sometimes open a window with explorer about.blank starts loading pages
      • Could you please explain what you mean by "about.blank"?
      • By "loading pages" do you mean that windows are popping up?
      • What type of pages are loading? Are they in any way related to what you had been viewing?


    2. MGADiag
      • Please click here to download MGADiag.exe from Microsoft and save it to your Desktop.
      • Double click on MGADiag.exe to run it.
      • Click Continue.
      • The program will run. It takes a while to finish the diagnosis, please be patient.
      • Once done, click on Copy.
      • Open Notepad and paste the contents in. Save this file and post it in your next reply.


    3. CKScanner
      • Please click here to download CKScanner© by askey127 and save to your Desktop.
      • Double click on CKScanner.exe and click Search For Files. Note: It's important that you only run this program one time.
      • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
      • Post the contents of ckfiles.txt in your reply; it is located on your desktop.


    4. WVCheck
      • Please click here to download WVCheck.exe and save it to your Desktop.
      • Double click WVCheck.exe to run the process.
      • Read the comments on the screen... then press Enter.
        The scan can take a while, depending on the size of your hard drive.
      • Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
      • Please copy and paste the contents of the Notepad scan report in your next reply.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The answers to my questions.
    3. The contents of the MGADiag log.
    4. The contents of the CKScanner log.
    5. The contents of the WVCheck log.
    6. After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.



    mambass
    Graduate of Malware Removal University - You too could train to help others

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    A page I have been viewing pops open by itself multiple times. Opens as about.blank then goes to page.
    I'm away for work for 3 days and will post logs as soon as I get back. Thanks for your help
    Neil

  10. #10
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    What next? Ready to reformat C. What are my best options?
