Hi Neil,
Please run the scans requested in my previous post (MGADiag, CKScanner and WVCheck) and provide the logs in your reply.
mambass
Graduate of Malware Removal University - You too could train to help others
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-KVMH8-G4HV6-H8YFJ
Windows Product Key Hash: H5rDjxMGPk05nzMyD0gCE1hoIFU=
Windows Product ID: 76477-OEM-2160032-12871
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {2F4DD347-B443-490D-8C04-03DE62D7A2E5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: 100
Version: 1.7.105.35
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2F4DD347-B443-490D-8C04-03DE62D7A2E5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-H8YFJ</PKey><PID>76477-OEM-2160032-12871</PID><PIDType>3</PIDType><SID>S-1-5-21-1547161642-2111687655-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1001.026</Version><SMBIOSVersion major="2" minor="3"/><Date>20050224000000.000000+000</Date></BIOS><HWID>2B873AD70184A07D</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>2C3F4CA0208F77A</Val><Hash>pDEyh9epmLDwbUC5JfSsF6x8KUc=</Hash><Pid>81605-957-5155302-65618</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1753B:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.ZZ.11.GKAPST
----- EOF -----
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1049_15-12-2011
-----------------------
Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-12-14 04:28:01
Last Success Time for Update Download: 2011-11-10 18:52:56
Last Success Time for Update Installation: 2011-11-10 21:27:17
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
WVCheck's File Dump
-----------------------
WVCheck found no known bad files.
WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.
WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b
-------- End of File, program close at 1059_15-12-2011 --------
Hi Neil,
Thank you for the logs.
Registry Cleaners
Re. Registrar Registry Manager, RegZooka and RegistryBooster
I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
I believe that you will find this post by Bill Castner to be very informative: WhatTheTech Forum
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
We're going to be doing a lot of work in this post. Just execute the steps in the order given and it won't be too difficult. After the computer reboots at the end of the last step, please determine whether you are still experiencing problems with your computer and report your findings in your reply.
Please print these instructions because you will not have access to the Internet while performing some of the tasks below.
- A few more questions
- When a new Internet Explorer window first appears and the display area is blank before the page you were viewing appears, do you see "about:blank" in the address area near the top of the window?
- Do new windows appear when you are
- Typing?
- Using the mouse?
- Doing nothing (i.e., you are not using the keyboard or mouse)?
- If you have any browsers installed other than Internet Explorer could you please see if they exhibit similar behavior and report back?
- I noticed entries in your log indicating that restrictions exist concerning your ability to make changes to certain Internet Explorer settings and/or access certain Internet Explorer features. These could have been added by security software that you may have installed or they could have been added by malware. Could you please let me know if you wish to retain those restrictions or if you would like to have them removed?
- Backup Your Registry with ERUNT
You already appear to have ERUNT on your computer. Please run it.
OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)
- Download the OTL fix file to be used later
Right-click on the attachment link at the bottom of this page, select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
This file must be saved to your Desktop as fix.txt.
- Uninstall PunkBuster
- Please click here to download the PBSVC Setup Program and save it to your Desktop.
- Double click on pbsvc.exe to start it... then click Uninstall.
Once that's finished...
- Click Start > Run and copy and paste the following into the open text box:
Code:
cmd /c for %i in (A B K) do sc delete PnkBstr%i
- Click OK. A black box will flash very briefly. This is normal.
- Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Conduit Engine
DVDVideoSoftTB Toolbar
IObit Security 360
Registrar Registry Manager 6.52
RegZooka
Take extra care in answering questions posed by any Uninstaller.
- Reboot (restart) your computer
- Run an OTL fix
- Double Click the OTL icon on your Desktop
- Click the Run Fix button at the top.
- You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
- When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
- Some text will appear in the Custom scans/Fixes box.
- Click the Run Fix button.
- Let the program run unhindered and reboot the PC when it is done.
When the computer reboots, and you start your usual account, a Notepad text file will appear.
- Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt
If there is no log, then please look in the C:\_OTL\MovedFiles folder for a file whose filename format is MMDDYYYY_HHMMSS.log based on the date/time OTL was run.
Please include in your reply:
- The text of any error messages and/or a description of any problems you encountered while performing these steps.
- The answers to my questions.
- The contents of the OTL.txt log.
- A description of how your computer is running and any Malware symptoms that are still present.
mambass
========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: No service named IS360service was found to stop!
Service\Driver key IS360service not found.
File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\ptcnztbc.tcnz\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1FF.tmp deleted successfully.
C:\WINDOWS\System32\SET20B.tmp deleted successfully.
C:\WINDOWS\System32\SET253.tmp deleted successfully.
C:\WINDOWS\002578_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD92.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager not found.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\setup folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\logs folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\Themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\History folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner\Themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\SmartRAM folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\InternetBooster folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Update folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Quarantine Zone folder moved successfully.
C:\Program Files\IObit\IObit Security 360\log\Scan folder moved successfully.
C:\Program Files\IObit\IObit Security 360\log folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Downloaded folder moved successfully.
C:\Program Files\IObit\IObit Security 360 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
File\Folder C:\Program Files\DVDVideoSoftTB not found.
File\Folder C:\Program Files\ConduitEngine not found.
c:\program files\Registrar Registry Manager folder moved successfully.
c:\program files\RegZooka\Logs folder moved successfully.
c:\program files\RegZooka\Backups folder moved successfully.
c:\program files\RegZooka folder moved successfully.
C:\WINDOWS\System32\rrMon.sys moved successfully.
File\Folder C:\WINDOWS\System32\rrsec.dll not found.
File\Folder C:\WINDOWS\System32\rrsec2k.exe not found.
File\Folder C:\WINDOWS\System32\drivers\PnkBstrK.sys not found.
File\Folder C:\WINDOWS\System32\PnkBstrB.exe not found.
File\Folder C:\WINDOWS\System32\PnkBstrA.exe not found.
File\Folder C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.31.0 log created on 12162011_155243
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Answers to questions
1. Yes, about.blank then to web page I had just closed
2. Windows reopen after I close a window
3. No other browser
4. No reason to retain something I have no idea what it does. If there's a chance it's malware I would appreciate your help in removing it.
Thank you, your help is greatly appreciated.
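One way to triage an OTL fix log like the one posted above, as an added example that is not part of the thread or of OTL itself: it classifies each result line and lists the GUIDs whose browser hook entries were deleted while the matching HKLM\SOFTWARE\Classes\CLSID key was already gone. The sample lines are excerpted from the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a few lines excerpted from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""========== OTL ==========
Error: No service named IS360service was found to stop!
Service\Driver key IS360service not found.
File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\DVDVideoSoftTB not found.
C:\Program Files\IObit\IObit Security 360 folder moved successfully.
C:\WINDOWS\System32\rrMon.sys moved successfully.
File\Folder C:\WINDOWS\System32\PnkBstrA.exe not found.
"""

# Result suffixes and object prefixes as they appear in the log above.
OUTCOMES = (
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" not found.", "not_found"),
)
KINDS = (
    ("Registry value ", "registry_value"),
    ("Registry key ", "registry_key"),
    ("Service\\Driver key ", "service_key"),
    ("File\\Folder ", "file_or_folder"),
    ("File ", "file"),
)
SECTION = re.compile(r"^=+ (.+?) =+$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return {'kind', 'target', 'outcome'} for one result line, or None."""
    line = line.strip()
    if line.startswith("Error:"):
        return {"kind": "error", "target": line[len("Error:"):].strip(),
                "outcome": "error"}
    for suffix, outcome in OUTCOMES:
        if line.endswith(suffix):
            body = line[:-len(suffix)]
            break
    else:
        return None  # blank line, header text, or an unrecognised shape
    kind = "path"
    for prefix, name in KINDS:
        if body.startswith(prefix):
            kind, body = name, body[len(prefix):]
            break
    if kind == "path":
        # Bare paths: "<path> folder moved successfully." vs "<path> moved ..."
        if body.endswith(" folder"):
            kind, body = "folder", body[:-len(" folder")]
        else:
            kind = "file"
    return {"kind": kind, "target": body, "outcome": outcome}


def parse_log(text):
    """Parse a whole fix log, tagging every record with its section header."""
    records, section = [], None
    for line in text.splitlines():
        header = SECTION.match(line.strip())
        if header:
            section = header.group(1)
            continue
        rec = parse_line(line)
        if rec:
            rec["section"] = section
            records.append(rec)
    return records


def remnants(records):
    """Targets the fix actually changed, i.e. what the uninstallers left behind."""
    return [r["target"] for r in records if r["outcome"] in ("deleted", "moved")]


def orphaned_guids(records):
    """GUIDs with a deleted hook/BHO/toolbar entry but no CLSID key to match."""
    removed, unregistered = set(), set()
    for r in records:
        m = GUID.search(r["target"])
        if not m or not r["kind"].startswith("registry"):
            continue
        guid = m.group(0).upper()  # the log mixes upper and lower case GUIDs
        is_clsid = "\\CLASSES\\CLSID\\" in r["target"].upper()
        if is_clsid and r["outcome"] == "not_found":
            unregistered.add(guid)
        elif not is_clsid and r["outcome"] == "deleted":
            removed.add(guid)
    return sorted(removed & unregistered)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(Counter(r["outcome"] for r in recs))
    for target in remnants(recs):
        print("changed:", target)
    print("orphaned GUID references:", orphaned_guids(recs))
```

Lines reported as "not found" after the uninstall steps were already gone before the fix ran, so only the deleted and moved entries describe what the fix itself changed.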
Hi Neil,
- Perform a Custom Fix with OTL
- Double-click the OTL icon on your Desktop to run the program.
- In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
:Commands
[CREATERESTOREPOINT]
[REBOOT]
- Then click the Run Fix button at the top.
- Let the program run unhindered and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
- Run an aswMBR scan
- Please click here to download aswMBR and save it to your Desktop.
- Double click the aswMBR.exe icon on your Desktop to run it.
- Click No if asked "Would you like to download latest Avast! Virus definitions?"
- Click the Scan button.
- After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot record). Do not delete this file.
- NOTE: Do not click to fix anything at this stage!
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
Please include in your reply:
- The text of any error messages and/or a description of any problems you encountered while performing these steps.
- The contents of the OTL.txt log.
- The contents of the aswMBR.txt log.
- Please let me know if you are still experiencing problems.
mambass
OTL logfile created on: 18/12/2011 12:51:42 p.m. - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop\repair
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.35% Memory free
2.85 Gb Paging File | 2.41 Gb Available in Paging File | 84.50% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.42 Gb Free Space | 36.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 465.76 Gb Total Space | 170.44 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 23.49 Gb Free Space | 15.76% Space Free | Partition Type: NTFS
Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\repair\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
========== Driver Services (SafeList) ==========
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/15 09:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]
[2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
[2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org
========== Chrome ==========
CHR - default_search_provider: Yahoo! Search ()
CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
CHR - default_search_provider: suggest_url =
O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15063 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/12/16 15:52:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/16 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\drivers
[2011/12/15 19:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
[2011/12/15 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
[2011/12/15 19:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
[2011/12/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\repair
[2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
[2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
[2011/12/18 12:41:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 12:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/18 12:38:10 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 11:50:40 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/16 13:34:42 | 000,009,387 | ---- | M] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
[2011/12/16 07:59:35 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 21:39:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 19:26:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/12/15 10:30:21 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 18:28:40 | 000,271,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
========== Files Created - No Company Name ==========
[2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
[2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
[2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
[2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
[2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
[2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
[2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
[2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
[2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
[2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
[2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
[2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
[2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/12/18 11:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
[2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
[2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
[2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
[2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
[2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/15 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
[2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
[2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
[2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
[2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
[2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
[2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
[2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
[2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
[2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
[2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
[2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
[2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
[2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
[2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
[2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
[2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
[2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
========== Purity Check ==========
< End of report >
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 13:11:36
-----------------------------
13:11:36.906 OS Version: Windows 5.1.2600 Service Pack 3
13:11:36.906 Number of processors: 2 586 0x401
13:11:36.906 ComputerName: PC-ED35CABDA717 UserName: Harrison
13:11:39.625 Initialize success
13:12:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:12:09.781 Disk 0 Vendor: WDC_WD800BB-00JHA0 05.01C05 Size: 76319MB BusType: 3
13:12:09.812 Disk 0 MBR read successfully
13:12:09.812 Disk 0 MBR scan
13:12:09.812 Disk 0 Windows XP default MBR code
13:12:09.828 Disk 0 scanning sectors +156280320
13:12:09.921 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:32.343 Service scanning
13:12:35.468 Modules scanning
13:12:56.765 Disk 0 trace - called modules:
13:12:56.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:12:56.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a562ab8]
13:12:56.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a5c4210]
13:12:56.796 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c3940]
13:12:56.796 Scan finished successfully
13:14:24.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\MBR.dat"
13:14:24.843 The log file has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\aswMBR.txt"