Need assistance to remove Win32.Delf.uv and Hupigon13 please!
Hi, I am Dave and I need help to remove Win32.Delf.uv and Hupigon13. I am running on a 32-bit XP Home SP3, Sony VGN-FE31M laptop.
Spybot S&D indicates I have Win32.Delf.uv and Hupigon13.
When I delete/fix them using Spybot, they reappear the following scan.
My internet has been cut off. I rang my ISP and they said I have a virus which is using all my bandwidth, so they cut me off until I get rid of this virus. I have no idea what it could be. (I am using another internet connection, so I do have access to the internet.)
I have READ "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
I have disabled S&D Resident shield
I have saved my registry with ERUNT.
I have installed HiJackThis.
I have a HJT logfile.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:48:23, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave\Desktop\renamed.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: Windows Management Instrumentation Driver Extensions WmiNetDDE (WmiNetDDE) - Unknown owner - C:\WINDOWS\system32\a15p.exe
--
End of file - 9968 bytes
Hello and welcome to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Download and Run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).
3 - Status Check
Please reply with
1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-06-13 07:29:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (32%) free of 76 GB
Total RAM: 1022 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:29:34, on 13/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Dave\Desktop\RSIT.exe
C:\Program Files\trend micro\Dave.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: Windows Management Instrumentation Driver Extensions WmiNetDDE (WmiNetDDE) - Unknown owner - C:\WINDOWS\system32\a15p.exe
--
End of file - 10069 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-27 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-08 7561216]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-06-27 217088]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-03-03 483328]
"VAIO Update 4"=C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-08-24 870240]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-27 136600]
"My Web Search Bar"=rundll32 []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-05-26 414480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-14 342848]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-05-08 81920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2006-02-02 1753088]
C:\Documents and Settings\Dave\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\Dave\Desktop\bittorrent.exe"="C:\Documents and Settings\Dave\Desktop\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\SteamApps\pulg666\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\pulg666\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin"="C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin:*:Disabled:Project Torque"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\WINDOWS\system32\SYS32DLL.exe"="C:\WINDOWS\system32\SYS32DLL.exe:*:Disabled:ENABLE"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Disabled:ENABLE"
"C:\windows\ld08.exe"="C:\windows\ld08.exe:*:Disabled:ENABLE"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Disabled:ENABLE"
"C:\WINDOWS\eHome\ehmsas.exe"="C:\WINDOWS\eHome\ehmsas.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe:*:Disabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe"="C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe:*:Disabled:ENABLE"
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe:*:Disabled:ENABLE"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Disabled:ENABLE"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:ENABLE"
"C:\Program Files\Apoint\Apoint.exe"="C:\Program Files\Apoint\Apoint.exe:*:Disabled:ENABLE"
"C:\Program Files\Apoint\ApntEx.exe"="C:\Program Files\Apoint\ApntEx.exe:*:Disabled:ENABLE"
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe:*:Disabled:ENABLE"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-06-13 07:29:10 ----D---- C:\rsit
2009-06-13 07:26:27 ----D---- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2009-06-13 07:26:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-13 07:26:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-12 09:30:50 ----D---- C:\WINDOWS\ERDNT
2009-06-12 09:30:15 ----D---- C:\Program Files\ERUNT
2009-06-12 08:29:48 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-06-12 08:06:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-11 12:14:22 ----D---- C:\EmergencyUtils
2009-06-11 11:59:52 ----D---- C:\Program Files\Trend Micro
2009-06-11 11:28:35 ----D---- C:\WINDOWS\pss
2009-06-11 11:00:45 ----D---- C:\Program Files\Alwil Software
2009-06-11 07:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 07:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 07:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 07:14:21 ----A---- C:\WINDOWS\system32\MRT.INI
2009-06-11 07:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 07:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-29 16:20:06 ----H---- C:\WINDOWS\freddy44.exe
2009-05-28 17:01:36 ----D---- C:\Documents and Settings\Dave\Application Data\dvdcss
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\java.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-26 09:27:32 ----D---- C:\WINDOWS\system32\sysloc
2009-05-22 16:50:16 ----D---- C:\WINDOWS\system32\121973
2009-05-20 17:46:45 ----D---- C:\WINDOWS\system32\547372
2009-05-20 16:58:41 ----A---- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests Uninstall Log.txt
2009-05-20 07:18:01 ----A---- C:\WINDOWS\st_1242818514.exe
2009-05-20 07:18:01 ----A---- C:\WINDOWS\st_1242813785.exe
2009-05-19 19:04:55 ----RSH---- C:\WINDOWS\system32\a15p.exe
2009-05-14 17:47:04 ----D---- C:\Documents and Settings\Dave\Application Data\MozillaControl
2009-05-14 17:46:24 ----A---- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests Setup Log.txt
======List of files/folders modified in the last 1 months======
2009-06-13 07:26:23 ----D---- C:\WINDOWS\system32\drivers
2009-06-13 07:26:22 ----RD---- C:\Program Files
2009-06-13 07:23:16 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2009-06-13 07:23:12 ----D---- C:\Program Files\Mozilla Firefox
2009-06-13 07:23:10 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem #2.txt
2009-06-13 07:23:09 ----A---- C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2009-06-13 07:23:02 ----D---- C:\WINDOWS\Temp
2009-06-13 07:23:02 ----D---- C:\WINDOWS\Registration
2009-06-13 07:22:57 ----D---- C:\WINDOWS
2009-06-13 07:22:49 ----D---- C:\Program Files\DNA
2009-06-13 07:22:49 ----D---- C:\Documents and Settings\Dave\Application Data\DNA
2009-06-12 23:03:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 12:10:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-12 11:24:18 ----D---- C:\Program Files\Steam
2009-06-12 08:30:09 ----D---- C:\WINDOWS\system32
2009-06-12 07:55:02 ----D---- C:\WINDOWS\Prefetch
2009-06-11 13:24:12 ----SHD---- C:\WINDOWS\Installer
2009-06-11 13:24:08 ----D---- C:\Config.Msi
2009-06-11 13:23:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 12:45:39 ----RASH---- C:\boot.ini
2009-06-11 12:45:39 ----A---- C:\WINDOWS\win.ini
2009-06-11 12:45:39 ----A---- C:\WINDOWS\system.ini
2009-06-11 10:15:49 ----HD---- C:\WINDOWS\inf
2009-06-11 07:17:45 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-11 07:16:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 07:16:29 ----D---- C:\Program Files\Microsoft Works
2009-06-11 07:15:38 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 07:15:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-08 18:55:22 ----D---- C:\Documents and Settings\Dave\Application Data\BitTorrent
2009-06-08 18:52:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-08 18:52:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-07 20:54:07 ----RD---- C:\WINDOWS\I386
2009-06-07 20:54:07 ----D---- C:\WINDOWS\Help
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 10:29:49 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2009-05-28 21:05:44 ----D---- C:\WINDOWS\network diagnostic
2009-05-27 20:29:19 ----D---- C:\Documents and Settings\Dave\Application Data\LimeWire
2009-05-27 08:12:21 ----D---- C:\Program Files\LimeWire
2009-05-27 08:11:35 ----D---- C:\Program Files\Java
2009-05-20 07:42:56 ----A---- C:\WINDOWS\WININIT.INI
2009-05-19 22:46:09 ----D---- C:\Program Files\Common Files
2009-05-19 19:22:15 ----D---- C:\Program Files\World of Warcraft
2009-05-18 17:17:41 ----D---- C:\Program Files\Driving Test Success - All Tests (2008-2009)
2009-05-18 17:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\Driving Test Success
2009-05-14 07:41:58 ----RSD---- C:\WINDOWS\assembly
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-04-26 5632]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-08 3661312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-25 1177032]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-03 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-12-29 234496]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-07-06 176128]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-02 88960]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-02 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2006-03-28 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2006-03-28 65152]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-03-28 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2009-05-14 27136]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 TSClient;Tatara Protocol Driver; C:\WINDOWS\system32\drivers\tsclient.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-27 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-08 143428]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2005-01-04 398336]
S2 WmiNetDDE;Windows Management Instrumentation Driver Extensions WmiNetDDE; C:\WINDOWS\system32\a15p.exe [2009-05-19 53248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-18 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe []
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-06-13 07:29:42
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD836E74-7923-4174-A055-F97CD0F3BB46}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 7.0 Elements-->msiexec /I {E5E6E687-1033-0000-0000-000000000002}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Empires III-->"C:\Program Files\InstallShield Installation Information\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.5.30-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driving Test Success - All Tests (2008-2009)-->"C:\Program Files\Driving Test Success - All Tests (2008-2009)\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Dave\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LAN Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5958CAC6-373E-402F-84FE-0A699AA920B9}\setup.exe" -l0x9
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
MacroMaker-->MsiExec.exe /I{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 187ci.com
127.0.0.1 www.187ci.com
127.0.0.1 bf2hacks.com
127.0.0.1 www.bf2hacks.com
127.0.0.1 bf2hacks.net
127.0.0.1 www.bf2hacks.net
127.0.0.1 sourceindustries.net
127.0.0.1 www.sourceindustries.net
127.0.0.1 mdk-enterprises.com
======Security center information======
AV: AVG Anti-Virus Free
FW: Norton Internet Worm Protection (disabled)
======System event log======
Computer Name: YOUR-BF74EFDC96
Event Code: 7000
Message: The avast! Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 100
Source Name: Service Control Manager
Time Written: 20090602125708.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
Record Number: 99
Source Name: Service Control Manager
Time Written: 20090602125708.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 7000
Message: The avast! iAVS4 Control Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 98
Source Name: Service Control Manager
Time Written: 20090602125708.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
Record Number: 97
Source Name: Service Control Manager
Time Written: 20090602125708.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 92
Source Name: Tcpip
Time Written: 20090602080329.000000+060
Event Type: warning
User:
=====Application event log=====
Computer Name: YOUR-BF74EFDC96
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 91
Source Name: usnjsvc
Time Written: 20090601182101.000000+060
Event Type:
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 1000
Message: Faulting application BN3.tmp, version 0.0.0.0, faulting module BN3.tmp, version 0.0.0.0, fault address 0x00001231.
Record Number: 86
Source Name: Application Error
Time Written: 20090601134151.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 1000
Message:
Record Number: 50
Source Name: Windows Live Messenger
Time Written: 20090528184954.000000+060
Event Type: error
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 35
Source Name: usnjsvc
Time Written: 20090528095936.000000+060
Event Type:
User:
Computer Name: YOUR-BF74EFDC96
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 18
Source Name: usnjsvc
Time Written: 20090527132722.000000+060
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.37
Database version: 2271
Windows 5.1.2600 Service Pack 3
13/06/2009 16:34:28
mbam-log-2009-06-13 (16-34-28).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 212183
Time elapsed: 1 hour(s), 1 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 107
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 56
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9e263d08-4127-4b99-9043-4fb044e6fcbc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\121973 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\547372 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\msn messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\msn messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP506\A0359847.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP509\A0359990.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP511\A0361124.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362264.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362265.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362266.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362267.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362270.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362274.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362275.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362277.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362282.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362283.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362284.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362285.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362286.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362287.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362289.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362290.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362291.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362292.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362293.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362294.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362295.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362303.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362304.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP513\A0362305.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP529\A0383003.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP531\A0384871.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP531\A0384872.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b5316c8-2225-4f3a-a9b8-80f50bdf71d0}\RP531\A0384873.dll (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\st_1242813785.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\st_1242818514.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto452730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452366.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452381.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452688.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452714.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452715.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452738.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452856.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453148.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453224.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453250.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453251.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
Hi Dave
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Thanks peku006
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 7.0 Elements
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Premiere Elements 2.0
Adobe Reader 7.0
Adobe Reader 7.0.5
Adobe Reader 8.1.2
Age of Empires III
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bluetooth Stack for Windows by Toshiba
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Driving Test Success - All Tests (2008-2009)
ERUNT 1.1j
GIMP 2.6.4
Google Toolbar for Firefox
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
KhalSetup
LAN Setting Utility
Left 4 Dead
MacroMaker
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
Mozilla Firefox (3.0.11)
Mozilla Firefox (3.1b3)
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Setting Utility Series
SigmaTel Audio
Skype 2.0
Spybot - Search & Destroy
Steam
TeamSpeak 2 RC2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Camera Utility
VAIO Control Center
VAIO Edit Components 6.0
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Information FLOW
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Online Registration (English)
VAIO Power Management
VAIO Update 4
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Ventrilo Server
VLC media player 0.9.8a
Vodafone Mobile Connect Lite Runtime Components
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Wireless LAN Starter
Wireless Switch Setting Utility
Hi Dave
1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Status Check
Please reply with
1. the ComboFix log (C:\ComboFix.txt)
Thanks peku006
Ok, I disabled my anti-virus, which is avast! Pro, but when I run ComboFix it says I have AVG FREE running and I need to disable it... but I have uninstalled it and I cannot find any folders with AVG but it still says I have AVG...
Hi Dave
Download and save AVG Remover (http://www.avg.com/download-tools) on to your desktop.
Run it to remove AVG. After this, please restart your computer, and try ComboFix again.
Thanks peku006
Hi, ok I did it and it did not seem to work... here is the report I got.
2009-06-14 18:52:53,937 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-06-14 18:52:53,937 WARN AvgDir param empty.
2009-06-14 18:52:53,937 WARN AvgDataDir param empty.
2009-06-14 18:52:54,875 INFO AvgRemover runs in attempt number 1
2009-06-14 18:52:54,875 INFO ***** Services *****
2009-06-14 18:52:54,875 INFO Processing service avg8emc
2009-06-14 18:52:54,890 INFO Service avg8emc is not installed
2009-06-14 18:52:54,890 DEBUG Service avg8emc RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service avg8emc are not present
2009-06-14 18:52:54,890 INFO Processing service avgfws8
2009-06-14 18:52:54,890 INFO Service avgfws8 is not installed
2009-06-14 18:52:54,890 DEBUG Service avgfws8 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service avgfws8 are not present
2009-06-14 18:52:54,890 INFO Processing service avg8wd
2009-06-14 18:52:54,890 INFO Service avg8wd is not installed
2009-06-14 18:52:54,890 DEBUG Service avg8wd RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service avg8wd are not present
2009-06-14 18:52:54,890 INFO Processing service AvgMfx86
2009-06-14 18:52:54,890 INFO Service AvgMfx86 is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgMfx86 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgMfx86 are not present
2009-06-14 18:52:54,890 INFO Processing service AvgMfx64
2009-06-14 18:52:54,890 INFO Service AvgMfx64 is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgMfx64 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgMfx64 are not present
2009-06-14 18:52:54,890 INFO Processing service AvgLdx86
2009-06-14 18:52:54,890 INFO Service AvgLdx86 is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgLdx86 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgLdx86 are not present
2009-06-14 18:52:54,890 INFO Processing service AvgLdx64
2009-06-14 18:52:54,890 INFO Service AvgLdx64 is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgLdx64 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgLdx64 are not present
2009-06-14 18:52:54,890 INFO Processing service AvgTdiX
2009-06-14 18:52:54,890 INFO Service AvgTdiX is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgTdiX RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgTdiX are not present
2009-06-14 18:52:54,890 INFO Processing service AvgTdiA
2009-06-14 18:52:54,890 INFO Service AvgTdiA is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgTdiA RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgTdiA are not present
2009-06-14 18:52:54,890 INFO Processing service AvgWFPx
2009-06-14 18:52:54,890 INFO Service AvgWFPx is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgWFPx RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgWFPx are not present
2009-06-14 18:52:54,890 INFO Processing service AvgWFPa
2009-06-14 18:52:54,890 INFO Service AvgWFPa is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgWFPa RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgWFPa are not present
2009-06-14 18:52:54,890 INFO Processing service AvgRkx86
2009-06-14 18:52:54,890 INFO Service AvgRkx86 is not installed
2009-06-14 18:52:54,890 DEBUG Service AvgRkx86 RegCleanup
2009-06-14 18:52:54,890 DEBUG Registry keys for service AvgRkx86 are not present
2009-06-14 18:52:54,890 INFO ***** Registry keys and values *****
2009-06-14 18:52:54,890 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-06-14 18:52:54,890 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2009-06-14 18:52:54,890 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2009-06-14 18:52:54,890 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-06-14 18:52:54,890 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
And Combofix still detects AVG :/
Hi Dave
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
*AVG*
:folderfind
*AVG*
:regfind
AVG
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Thanks peku006
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 08:12 on 15/06/2009 by Dave (Administrator - Elevation successful)
========== filefind ==========
Searching for "*AVG*"
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\51\avgwdsvc.exe --a--- 298776 bytes [18:46 14/06/2009] [18:46 14/06/2009] BFC093C2DDDE8FCE5DA078E663B4515B
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\51\avgxpl.dll --a--- 1013016 bytes [18:46 14/06/2009] [18:46 14/06/2009] 58CB45F5F863F0A608211905288FB4BF
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_004.pack --a--- 330444 bytes [18:42 14/06/2009] [18:42 14/06/2009] C4A9E57B4A86D2EE5B20E6C14CF09A64
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_009.pack --a--- 93094 bytes [18:42 14/06/2009] [18:42 14/06/2009] 7AC6F7E43868BF8610BD96A2A331166C
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_010.pack --a--- 2308232 bytes [18:42 14/06/2009] [18:42 14/06/2009] 2C3D2A36557563DB160D528D441103CD
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_012.pack --a--- 313322 bytes [18:42 14/06/2009] [18:42 14/06/2009] 902DE965674E4596E7A7D7A2CAE9D7EE
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_013.pack --a--- 102374 bytes [18:42 14/06/2009] [18:42 14/06/2009] C0ACE4A3BC52CCB8DBC9685967CD4BC4
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_014.pack --a--- 197471 bytes [18:42 14/06/2009] [18:42 14/06/2009] 5ACF07B7D535869B73A863F5218043D7
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_018.pack --a--- 96809 bytes [18:42 14/06/2009] [18:42 14/06/2009] 13C4778E61EFCD83BD9968D04E2412C0
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_020.pack --a--- 6832 bytes [18:42 14/06/2009] [18:42 14/06/2009] 2B7099917E186A4F81A844289800BB6C
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_021.pack --a--- 1135058 bytes [18:42 14/06/2009] [18:42 14/06/2009] 190DFDD26BF43F8967DD094ED454224D
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_022.pack --a--- 807190 bytes [18:42 14/06/2009] [18:42 14/06/2009] 0BC8FA05ACC490BEE57FC325E409BF25
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_023.pack --a--- 132574 bytes [18:42 14/06/2009] [18:42 14/06/2009] 22CBD7339E4467DDF45E3FB0910D7D6E
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_024.pack --a--- 197324 bytes [18:42 14/06/2009] [18:42 14/06/2009] C59F124036E7D488AC2AE3AFE3F14870
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_025.pack --a--- 404 bytes [18:42 14/06/2009] [18:42 14/06/2009] 657C1C10BA81013105E52C9F59AD9586
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_026.pack --a--- 1520 bytes [18:42 14/06/2009] [18:42 14/06/2009] 05F682A775FDA1776C29EA85D75D5C69
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_029.pack --a--- 66018 bytes [18:42 14/06/2009] [18:42 14/06/2009] A2878CD776A59A6101C487A51495371A
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_032.pack --a--- 109687 bytes [18:42 14/06/2009] [18:42 14/06/2009] 55727D5B0069D3C4F4076FAC56D1A8AA
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_033.pack --a--- 655608 bytes [18:42 14/06/2009] [18:42 14/06/2009] 0903EDE32B2C533E387BFA9E6E90F9D7
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_049.pack --a--- 833152 bytes [18:42 14/06/2009] [18:42 14/06/2009] A8621B6A042B9C58CAEA6FA974B66C3E
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_050.pack --a--- 479665 bytes [18:42 14/06/2009] [18:42 14/06/2009] 504F1A8442A9E87C22771BB52D12DA01
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_051.pack --a--- 13330512 bytes [18:42 14/06/2009] [18:43 14/06/2009] 9102DB44EF9A386C069D698DD61F4309
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager\packages\avgdm85_pro_0364_052.pack --a--- 113907 bytes [18:43 14/06/2009] [18:43 14/06/2009] EF92101F8E689601DDC9BCE7D0D7E168
C:\Documents and Settings\Dave\Recent\avgremover.lnk --a--- 494 bytes [06:56 12/06/2009] [18:52 14/06/2009] C6844670CD526182386F9B0D62C421BD
C:\Documents and Settings\Dave\Recent\cavgcfbvc.lnk --a--- 494 bytes [16:30 23/03/2009] [21:03 12/04/2009] 28C258E069F4792B584FFF0C691BD563
========== folderfind ==========
Searching for "*AVG*"
C:\Documents and Settings\All Users\Application Data\Avg8 d----- [09:48 01/02/2009]
C:\Documents and Settings\All Users\Application Data\Avg8\AvgAm d----- [10:02 01/02/2009]
C:\Documents and Settings\All Users\Application Data\Avg8\AvgApi d----- [10:02 01/02/2009]
C:\Documents and Settings\Dave\Application Data\AVG8 d----- [18:42 14/06/2009]
C:\Documents and Settings\Dave\Local Settings\Temp\AVGDownloadManager d----- [18:42 14/06/2009]
========== regfind ==========
Searching for "AVG"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\AVGeneral]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\8.0\AVGeneral]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="avg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AVG Free 8.0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.AvgKernel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.AvgKernel]
"@"=="Avg Kernel Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.AvgKernel\CurVer]
"@"=="AVG.AvgKernel.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.AvgKernel.7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.AvgKernel.7]
"@"=="Avg Kernel Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
"@"=="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification\CurVer]
"@"=="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
"@"=="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}]
"@"=="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\ProgID]
"@"=="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\VersionIndependentProgID]
"@"=="AVGeneralNotification.AVGeneralNotification"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1071-989B-0000E87B4FB1}]
"@"=="Avg Kernel Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1071-989B-0000E87B4FB1}\InprocServer32]
"@"=="C:\Program Files\AVG\AVG8\avg7api.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1071-989B-0000E87B4FB1}\ProgID]
"@"=="AVG.AvgKernel.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564737-3200-1071-989B-0000E87B4FB1}\VersionIndependentProgID]
"@"=="AVG.AvgKernel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
""x86""=="C:\Program Files\AVG\AVG8\avgapix.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG8_TRAY]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
""Menu1""=="Scan with &AVG Free"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
Gen 0 Promoted Bytes/Sec 2258 Gen 1 Promoted Bytes/Sec 2260 Promoted Finalization-Memory from Gen 0 2262 Promoted Finalization-Memory from Gen 1 2264 Gen 0 heap size 2266 Gen 1 heap size 2268 Gen 2 heap size 2270 Large Object Heap size 2272 Finalization Survivors 2274 # GC Handles 2276 Allocated Bytes/sec 2278 # Induced GC 2280 % Time in GC 2282 Not Displayed 2284 # Bytes in all Heaps 2286 # Total committed Bytes 2288 # Total reserved Bytes 2290 # of Pinned Objects 2292 # of Sink Blocks in use 2294 .NET CLR Loading 2296 Total Classes Loaded 2298 % Time Loading 2300 Assembly Search Length 2302 Total # of Load Failures 2304 Rate of Load Failures 2306 Bytes in Loader Heap 2308 Total appdomains unloaded 2310 Rate of appdomains unloaded 2312 Current Classes Loaded 2314 Rate of Classes Loaded 2316 Current appdomains 2318 Total Appdomains 2320 Rate of appdomains 2322 Current Assemblies 2324 Total Assemblies 2326 Rate of Assemblies 2328 .NET CLR Jit 2330 # of Methods Jitted 2332 # of IL Bytes Jitted 2334 Total # of IL Bytes Jitted 2336 IL Bytes Jitted / sec 2338 Standard Jit Failures 2340 % Time in Jit 2342 Not Displayed 2344 .NET CLR Interop 2346 # of CCWs 2348 # of Stubs 2350 # of marshalling 2352 # of TLB imports / sec 2354 # of TLB exports / sec 2356 .NET CLR LocksAndThreads 2358 Total # of Contentions 2360 Contention Rate / sec 2362 Current Queue Length 2364 Queue Length Peak 2366 Queue Length / sec 2368 # of current logical Threads 2370 # of current physical Threads 2372 # of current recognized threads 2374 # of total recognized threads 2376 rate of recognized threads / sec 2378 .NET CLR Security 2380 Total Runtime Checks 2382 % Time Sig. 
Authenticating 2384 # Link Time Checks 2386 % Time in RT checks 2388 Not Displayed 2390 Stack Walk Depth 2392 .NET CLR Remoting 2394 Remote Calls/sec 2396 Channels 2398 Context Proxies 2400 Context-Bound Classes Loaded 2402 Context-Bound Objects Alloc / sec 2404 Contexts 2406 Total Remote Calls 2408 .NET CLR Exceptions 2410 # of Exceps Thrown 2412 # of Exceps Thrown / sec 2414 # of Filters / sec 2416 # of Finallys / sec 2418 Throw To Catch Depth / sec 2420 Indexing Service 2422 Word lists 2424 Saved indexes 2426 Index size (MB) 2428 Files to be indexed 2430 Unique keys 2432 Running queries 2434 Merge progress 2436 # documents indexed 2438 Total # documents 2440 Total # of queries 2442 Deferred for indexing 2444 Indexing Service Filter 2446 Total indexing speed (MB/hr) 2448 Binding time (msec) 2450 Indexing speed (MB/hr) 2452 Http Indexing Service 2454 Cache items 2456 % Cache hits 2458 Total cache accesses 1 2460 % Cache misses 2462 Total cache accesses 2 2464 Active queries 2466 Total queries 2468 Queries per minute 2470 Current requests queued 2472 Total requests rejected 3070 MSSQL$VAIO_VEDB:Buffer Manager 3072 Reserved pages 3074 Checkpoint pages/sec 3076 AWE lookup maps/sec 3078 Page writes/sec 3080 Total pages 3082 AWE unmap calls/sec 3084 Target pages 3086 AWE unmap pages/sec 3088 Buffer cache hit ratio base 3090 Free list stalls/sec 3092 Database pages 3094 Page life expectancy 3096 Buffer cache hit ratio 3098 AWE write maps/sec 3100 Page lookups/sec 3102 Stolen pages 3104 Page reads/sec 3106 Free pages 3108 Lazy writes/sec 3110 Readahead pages/sec 3112 AWE stolen maps/sec 3114 Procedure cache pages 3116 MSSQL$VAIO_VEDB:Buffer Partition 3118 Free pages 3120 Free list requests/sec 3122 Free list empty/sec 3124 MSSQL$VAIO_VEDB:General Statistics 3126 Logins/sec 3128 Logouts/sec 3130 User Connections 3132 MSSQL$VAIO_VEDB:Locks 3134 Lock Wait Time (ms) 3136 Lock Waits/sec 3138 Average Wait Time Base 3140 Number of Deadlocks/sec 3142 Lock Timeouts/sec 3144 Lock 
Requests/sec 3146 Average Wait Time (ms) 3148 MSSQL$VAIO_VEDB:Databases 3150 Repl. Pending Xacts 3152 DBCC Logical Scan Bytes/sec 3154 Repl. Trans. Rate 3156 Log File(s) Size (KB) 3158 Log Truncations 3160 Percent Log Used 3162 Log Shrinks 3164 Bulk Copy Throughput/sec 3166 Log Flush Wait Time 3168 Active Transactions 3170 Log Cache Reads/sec 3172 Log Flush Waits/sec 3174 Backup/Restore Throughput/sec 3176 Shrink Data Movement Bytes/sec 3178 Log Growths 3180 Transactions/sec 3182 Log Cache Hit Ratio Base 3184 Log Bytes Flushed/sec 3186 Log File(s) Used Size (KB) 3188 Log Cache Hit Ratio 3190 Data File(s) Size (KB) 3192 Bulk Copy Rows/sec 3194 Log Flushes/sec 3196 MSSQL$VAIO_VEDB:Latches 3198 Total Latch Wait Time (ms) 3200 Latch Waits/sec 3202 Average Latch Wait Time (ms) 3204 Average Latch Wait Time Base 3206 MSSQL$VAIO_VEDB:Access Methods 3208 Extents Allocated/sec 3210 Worktables Created/sec 3212 Skipped Ghosted Records/sec 3214 Full Scans/sec 3216 Pages Allocated/sec 3218 Page Splits/sec 3220 Mixed page allocations/sec 3222 Extent Deallocations/sec 3224 Probe Scans/sec 3226 FreeSpace Page Fetches/sec 3228 Worktables From Cache Base 3230 Table Lock Escalations/sec 3232 Page Deallocations/sec 3234 Worktables From Cache Ratio 3236 Index Searches/sec 3238 FreeSpace Scans/sec 3240 Forwarded Records/sec 3242 Workfiles Created/sec 3244 Scan Point Revalidations/sec 3246 Range Scans/sec 3248 MSSQL$VAIO_VEDB:SQL Statistics 3250 Auto-Param Attempts/sec 3252 Batch Requests/sec 3254 SQL Re-Compilations/sec 3256 Unsafe Auto-Params/sec 3258 SQL Compilations/sec 3260 Failed Auto-Params/sec 3262 Safe Auto-Params/sec 3264 MSSQL$VAIO_VEDB:Cache Manager 3266 Cache Use Counts/sec 3268 Cache Hit Ratio Base 3270 Cache Object Counts 3272 Cache Hit Ratio 3274 Cache Pages 3276 MSSQL$VAIO_VEDB:Memory Manager 3278 Maximum Workspace Memory (KB) 3280 Connection Memory (KB) 3282 Memory Grants Pending 3284 Granted Workspace Memory (KB) 3286 SQL Cache Memory (KB) 3288 Optimizer Memory (KB) 
3290 Lock Blocks 3292 Total Server Memory (KB) 3294 Lock Owner Blocks Allocated 3296 Lock Memory (KB) 3298 Lock Blocks Allocated 3300 Target Server Memory(KB) 3302 Lock Owner Blocks 3304 Memory Grants Outstanding 3306 MSSQL$VAIO_VEDB:User Settable 3308 Query 3310 MSSQL$VAIO_VEDB:Replication Agents 3312 Running 3314 MSSQL$VAIO_VEDB:Replication Merge 3316 Conflicts/sec 3318 Uploaded Changes/sec 3320 Downloaded Changes/sec 3322 MSSQL$VAIO_VEDB:Replication Logreader 3324 Logreader:Delivery Latency 3326 Logreader:Delivered Trans/sec 3328 Logreader:Delivered Cmds/sec 3330 MSSQL$VAIO_VEDB:Replication Dist. 3332 Dist:Delivered Trans/sec 3334 Dist:Delivery Latency 3336 Dist:Delivered Cmds/sec 3338 MSSQL$VAIO_VEDB:Replication Snapshot 3340 Snapshot:Delivered Trans/sec 3342 Snapshot:Delivered Cmds/sec 3344 MSSQL$VAIO_VEDB:Backup Device 3346 Device Throughput Bytes/sec 3958 .NET Data Provider for Oracle 3960 HardConnectsPerSecond 3962 HardDisconnectsPerSecond 3964 SoftConnectsPerSecond 3966 SoftDisconnectsPerSecond 3968 NumberOfNonPooledConnections 3970 NumberOfPooledConnections 3972 NumberOfActiveConnectionPoolGroups 3974 NumberOfInactiveConnectionPoolGroups 3976 NumberOfActiveConnectionPools 3978 NumberOfInactiveConnectionPools 3980 NumberOfActiveConnections 3982 NumberOfFreeConnections 3984 NumberOfStasisConnections 3986 NumberOfReclaimedConnections 3988 .NET Data Provider for SqlServer 3990 HardConnectsPerSecond 3992 HardDisconnectsPerSecond 3994 SoftConnectsPerSecond 3996 SoftDisconnectsPerSecond 3998 NumberOfNonPooledConnections 4000 NumberOfPooledConnections 4002 NumberOfActiveConnectionPoolGroups 4004 NumberOfInactiveConnectionPoolGroups 4006 NumberOfActiveConnectionPools 4008 NumberOfInactiveConnectionPools 4010 NumberOfActiveConnections 4012 NumberOfFreeConnections 4014 NumberOfStasisConnections 4016 NumberOfReclaimedConnections 5196 ASP.NET State Service 5402 State Server Sessions Active 5404 State Server Sessions Abandoned 5406 State Server Sessions Timed Out 5408 
State Server Sessions Total 5410 ASP.NET v2.0.50727 5412 ASP.NET Apps v2.0.50727 5414 Application Restarts 5416 Applications Running 5418 Requests Disconnected 5420 Request Execution Time 5422 Requests Rejected 5424 Requests Queued 5426 Worker Processes Running 5428 Worker Process Restarts 5430 Request Wait Time 5432 State Server Sessions Active 5434 State Server Sessions Abandoned 5436 State Server Sessions Timed Out 5438 State Server Sessions Total 5440 Requests Current 5442 Audit Success Events Raised 5444 Audit Failure Events Raised 5446 Error Events Raised 5448 Request Error Events Raised 5450 Infrastructure Error Events Raised 5452 Anonymous Requests 5454 Anonymous Requests/Sec 5456 Cache Total Entries 5458 Cache Total Turnover Rate 5460 Cache Total Hits 5462 Cache Total Misses 5464 Cache Total Hit Ratio 5466 Cache Total Hit Ratio Base 5468 Cache API Entries 5470 Cache API Turnover Rate 5472 Cache API Hits 5474 Cache API Misses 5476 Cache API Hit Ratio 5478 Cache API Hit Ratio Base 5480 Output Cache Entries 5482 Output Cache Turnover Rate 5484 Output Cache Hits 5486 Output Cache Misses 5488 Output Cache Hit Ratio 5490 Output Cache Hit Ratio Base 5492 Compilations Total 5494 Debugging Requests 5496 Errors During Preprocessing 5498 Errors During Compilation 5500 Errors During Execution 5502 Errors Unhandled During Execution 5504 Errors Unhandled During Execution/Sec 5506 Errors Total 5508 Errors Total/Sec 5510 Pipeline Instance Count 5512 Request Bytes In Total 5514 Request Bytes Out Total 5516 Requests Executing 5518 Requests Failed 5520 Requests Not Found 5522 Requests Not Authorized 5524 Requests In Application Queue 5526 Requests Timed Out 5528 Requests Succeeded 5530 Requests Total 5532 Requests/Sec 5534 Sessions Active 5536 Sessions Abandoned 5538 Sessions Timed Out 5540 Sessions Total 5542 Transactions Aborted 5544 Transactions Committed 5546 Transactions Pending 5548 Transactions Total 5550 Transactions/Sec 5552 Session State Server connections total 
5554 Session SQL Server connections total 5556 Events Raised 5558 Events Raised/Sec 5560 Application Lifetime Events 5562 Application Lifetime Events/Sec 5564 Error Events Raised 5566 Error Events Raised/Sec 5568 Request Error Events Raised 5570 Request Error Events Raised/Sec 5572 Infrastructure Error Events Raised 5574 Infrastructure Error Events Raised/Sec 5576 Request Events Raised 5578 Request Events Raised/Sec 5580 Audit Success Events Raised 5582 Audit Failure Events Raised 5584 Membership Authentication Success 5586 Membership Authentication Failure 5588 Forms Authentication Success 5590 Forms Authentication Failure 5592 Viewstate MAC Validation Failure 5594 Request Execution Time 5596 Requests Disconnected 5598 Requests Rejected 5600 Request Wait Time 5602 Cache % Machine Memory Limit Used 5604 Cache % Machine Memory Limit Used Base 5606 Cache % Process Memory Limit Used 5608 Cache % Process Memory Limit Used Base 5610 Cache Total Trims 5612 Cache API Trims 5614 Output Cache Trims 5616 ASP.NET 5618 ASP.NET Applications 5620 Application Restarts 5622 Applications Running 5624 Requests Disconnected 5626 Request Execution Time 5628 Requests Rejected 5630 Requests Queued 5632 Worker Processes Running 5634 Worker Process
Restarts 5636 Request Wait Time 5638 State Server Sessions Active 5640 State Server Sessions Abandoned 5642 State Server Sessions Timed Out 5644 State Server Sessions Total 5646 Requests Current 5648 Audit Success Events Raised 5650 Audit Failure Events Raised 5652 Error Events Raised 5654 Request Error Events Raised 5656 Infrastructure Error Events Raised 5658 Anonymous Requests 5660 Anonymous Requests/Sec 5662 Cache Total Entries 5664 Cache Total Turnover Rate 5666 Cache Total Hits 5668 Cache Total Misses 5670 Cache Total Hit Ratio 5672 Cache Total Hit Ratio Base 5674 Cache API Entries 5676 Cache API Turnover Rate 5678 Cache API Hits 5680 Cache API Misses 5682 Cache API Hit Ratio 5684 Cache API Hit Ratio Base 5686 Output Cache Entries 5688 Output Cache Turnover Rate 5690 Output Cache Hits 5692 Output Cache Misses 5694 Output Cache Hit Ratio 5696 Output Cache Hit Ratio Base 5698 Compilations Total 5700 Debugging Requests 5702 Errors During Preprocessing 5704 Errors During Compilation 5706 Errors During Execution 5708 Errors Unhandled During Execution 5710 Errors Unhandled During Execution/Sec 5712 Errors Total 5714 Errors Total/Sec 5716 Pipeline Instance Count 5718 Request Bytes In Total 5720 Request Bytes Out Total 5722 Requests Executing 5724 Requests Failed 5726 Requests Not Found 5728 Requests Not Authorized 5730 Requests In Application Queue 5732 Requests Timed Out 5734 Requests Succeeded 5736 Requests Total 5738 Requests/Sec 5740 Sessions Active 5742 Sessions Abandoned 5744 Sessions Timed Out 5746 Sessions Total 5748 Transactions Aborted 5750 Transactions Committed 5752 Transactions Pending 5754 Transactions Total 5756 Transactions/Sec 5758 Session State Server connections total 5760 Session SQL Server connections total 5762 Events Raised 5764 Events Raised/Sec 5766 Application Lifetime Events 5768 Application Lifetime Events/Sec 5770 Error Events Raised 5772 Error Events Raised/Sec 5774 Request Error Events Raised 5776 Request Error Events Raised/Sec 5778 
Infrastructure Error Events Raised 5780 Infrastructure Error Events Raised/Sec 5782 Request Events Raised 5784 Request Events Raised/Sec 5786 Audit Success Events Raised 5788 Audit Failure Events Raised 5790 Membership Authentication Success 5792 Membership Authentication Failure 5794 Forms Authentication Success 5796 Forms Authentication Failure 5798 Viewstate MAC Validation Failure 5800 Request Execution Time 5802 Requests Disconnected 5804 Requests Rejected 5806 Request Wait Time 5808 Cache % Machine Memory Limit Used 5810 Cache % Machine Memory Limit Used Base 5812 Cache % Process Memory Limit Used 5814 Cache % Process Memory Limit Used Base 5816 Cache Total Trims 5818 Cache API Trims 5820 Output Cache Trims 5822 Windows Workflow Foundation 5824 Workflows Created 5826 Workflows Created/sec 5828 Workflows Unloaded 5830 Workflows Unloaded/sec 5832 Workflows Loaded 5834 Workflows Loaded/sec 5836 Workflows Completed 5838 Workflows Completed/sec 5840 Workflows Suspended 5842 Workflows Suspended/sec 5844 Workflows Terminated 5846 Workflows Terminated/sec 5848 Workflows In Memory 5850 Workflows Aborted 5852 Workflows Aborted/sec 5854 Workflows Persisted 5856 Workflows Persisted/sec 5858 Workflows Executing 5860 Workflows Idle/sec 5862 Workflows Runnable 5864 Workflows Pending 5866 ServiceModelEndpoint 3.0.0.0 5868 Calls 5870 Calls Per Second 5872 Calls Outstanding 5874 Calls Failed 5876 Calls Failed Per Second 5878 Calls Faulted 5880 Calls Faulted Per Second 5882 Calls Duration 5884 Calls Duration Base 5886 Transactions Flowed 5888 Transactions Flowed Per Second 5890 Security Validation and Authentication Failures 5892 Security Validation and Authentication Failures Per Second 5894 Security Calls Not Authorized 5896 Security Calls Not Authorized Per Second 5898 Reliable Messaging Sessions Faulted 5900 Reliable Messaging Sessions Faulted Per Second 5902 Reliable Messaging Messages Dropped 5904 Reliable Messaging Messages Dropped Per Second 5906 ServiceModelOperation 
3.0.0.0 5908 Calls 5910 Calls Per Second 5912 Calls Outstanding 5914 Calls Failed 5916 Call Failed Per Second 5918 Calls Faulted 5920 Calls Faulted Per Second 5922 Calls Duration 5924 Calls Duration Base 5926 Transactions Flowed 5928 Transactions Flowed Per Second 5930 Security Validation and Authentication Failures 5932 Security Validation and Authentication Failures Per Second 5934 Security Calls Not Authorized 5936 Security Calls Not Authorized Per Second 5938 ServiceModelService 3.0.0.0 5940 Calls 5942 Calls Per Second 5944 Calls Outstanding 5946 Calls Failed 5948 Calls Failed Per Second 5950 Calls Faulted 5952 Calls Faulted Per Second 5954 Calls Duration 5956 Calls Duration Base 5958 Transactions Flowed 5960 Transactions Flowed Per Second 5962 Transacted Operations Committed 5964 Transacted Operations Committed Per Second 5966 Transacted Operations Aborted 5968 Transacted Operations Aborted Per Second 5970 Transacted Operations In Doubt 5972 Transacted Operations In Doubt Per Second 5974 Security Validation and Authentication Failures 5976 Security Validation and Authentication Failures Per Second 5978 Security Calls Not Authorized 5980 Security Calls Not Authorized Per Second 5982 Instances 5984 Instances Created Per Second 5986 Reliable Messaging Sessions Faulted 5988 Reliable Messaging Sessions Faulted Per Second 5990 Reliable Messaging Messages Dropped 5992 Reliable Messaging Messages Dropped Per Second 5994 Queued Poison Messages 5996 Queued Poison Messages Per Second 5998 Queued Messages Rejected 6000 Queued Messages Rejected Per Second 6002 Queued Messages Dropped 6004 Queued Messages Dropped Per Second 6006 SMSvcHost 3.0.0.0 6008 Protocol Failures over net.tcp 6010 Protocol Failures over net.pipe 6012 Dispatch Failures over net.tcp 6014 Dispatch Failures over net.pipe 6016 Connections Dispatched over net.tcp 6018 Connections Dispatched over net.pipe 6020 Connections Accepted over net.tcp 6022 Connections Accepted over net.pipe 6024 Registrations Active 
for net.tcp 6026 Registrations Active for net.pipe 6028 Uris Registered for net.tcp 6030 Uris Registered for net.pipe 6032 Uris Unregistered for net.tcp 6034 Uris Unregistered for net.pipe 6036 MSDTC Bridge 3.0.0.0 6038 Message send failures/sec 6040 Prepare retry count/sec 6042 Commit retry count/sec 6044 Prepared retry count/sec 6046 Replay retry count/sec 6048 Faults received count/sec 6050 Faults sent count/sec 6052 Average participant prepare response time 6054 Average participant prepare response time Base 6056 Average participant commit response time 6058 Average participant commit response time Base 6060 WMI Objects 6062 HiPerf Classes 6064 HiPerf Validity 6066 BatteryStatus 6068 ChargeRate 6070 DischargeRate 6072 RemainingCapacity 6074 Tag 6076 Voltage 6078 ProcessorPerformance 6080 frequency 6082 percentage 6084 power 6086 ASP.NET v1.1.4322 6088 ASP.NET Apps v1.1.4322 6090 Application Restarts 6092 Applications Running 6094 Requests Disconnected 6096 Request Execution Time 6098 Requests Rejected 6100 Requests Queued 6102 Worker Processes Running 6104 Worker Process Restarts 6106 Request Wait Time 6108 State Server Sessions Active 6110 State Server Sessions Abandoned 6112 State Server Sessions Timed Out 6114 State Server Sessions Total 6116 Requests Current 6118 Anonymous Requests 6120 Anonymous Requests/Sec 6122 Cache Total Entries 6124 Cache Total Turnover Rate 6126 Cache Total Hits 6128 Cache Total Misses 6130 Cache Total Hit Ratio 6132 Cache Total Hit Ratio Base 6134 Cache API Entries 6136 Cache API Turnover Rate 6138 Cache API Hits 6140 Cache API Misses 6142 Cache API Hit Ratio 6144 Cache API Hit Ratio Base 6146 Output Cache Entries 6148 Output Cache Turnover Rate 6150 Output Cache Hits 6152 Output Cache Misses 6154 Output Cache Hit Ratio 6156 Output Cache Hit Ratio Base 6158 Compilations Total 6160 Debugging Requests 6162 Errors During Preprocessing 6164 Errors During Compilation 6166 Errors During Execution 6168 Errors Unhandled During Execution 
6170 Errors Unhandled During Execution/Sec 6172 Errors Total 6174 Errors Total/Sec 6176 Pipeline Instance Count 6178 Request Bytes In Total 6180 Request Bytes Out Total 6182 Requests Executing 6184 Requests Failed 6186 Requests Not Found 6188 Requests Not Authorized 6190 Requests In Application Queue 6192 Requests Timed Out 6194 Requests Succeeded 6196 Requests Total 6198 Requests/Sec 6200 Sessions Active 6202 Sessions Abandoned 6204 Sessions Timed Out 6206 Sessions Total 6208 Transactions Aborted 6210 Transactions Committed 6212 Transactions Pending 6214 Transactions Total 6216 Transactions/Sec 6218 Session State Server connections total 6220 Session SQL Server connections total"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
free rate 1776 Uncommitted Ranges Length 1778 Allocs - Frees 1780 Cached Allocs/sec 1782 Cached Frees/sec 1784 Allocs <1K/sec 1786 Frees <1K/sec 1788 Allocs 1-8K/sec 1790 Frees 1-8K/sec 1792 Allocs over 8K/sec 1794 Frees over 8K/sec 1796 Total Allocs/sec 1798 Total Frees/sec 1800 Blocks in Heap Cache 1802 Largest Cache Depth 1804 % Fragmentation 1806 % VAFragmentation 1808 Heap Lock contention 1846 End Marker 1848 RSVP Service 1850 Network Interfaces 1852 Network sockets 1854 Timers 1856 RSVP sessions 1858 QoS clients 1860 QoS-enabled senders 1862 QoS-enabled receivers 1864 Failed QoS requests 1866 Failed QoS sends 1868 QoS notifications 1870 Bytes in QoS notifications 1872 RSVP Interfaces 1874 Signaling bytes received 1876 Signaling bytes sent 1878 PATH messages received 1880 RESV messages received 1882 PATH ERR messages received 1884 RESV ERR messages received 1886 PATH TEAR messages received 1888 RESV TEAR messages received 1890 RESV CONFIRM messages received 1892 PATH messages sent 1894 RESV messages sent 1896 PATH ERR messages sent 1898 RESV ERR messages sent 1900 PATH TEAR messages sent 1902 RESV TEAR messages sent 1904 RESV CONFIRM messages sent 1906 Resource control failures 1908 Policy control failures 1910 General failures 1912 Blocked RESVs 1914 RESV state block timeouts 1916 PATH state block timeouts 1918 Send messages errors - Big messages 1920 Receive messages errors - Big messages 1922 Send messages errors - No memory 1924 Receive messages errors - No memory 1926 Number of incoming messages dropped 1928 Number of outgoing messages dropped 1930 Number of active flows 1932 Reserved bandwidth 1934 Maximum admitted bandwidth 1936 PSched Flow 1938 PSched Pipe 1940 Packets dropped 1942 Packets scheduled 1944 Packets transmitted 1946 Average packets in shaper 1948 Max packets in shaper 1950 Average packets in sequencer 1952 Max packets in sequencer 1954 Bytes scheduled 1956 Bytes transmitted 1958 Bytes transmitted/sec 1960 Bytes scheduled/sec 1962 Packets 
transmitted/sec 1964 Packets scheduled/sec 1966 Packets dropped/sec 1968 Nonconforming packets scheduled 1970 Nonconforming packets scheduled/sec 1972 Nonconforming packets transmitted 1974 Nonconforming packets transmitted/sec 1976 Maximum Packets in netcard 1978 Average Packets in netcard 1980 Out of packets 1982 Flows opened 1984 Flows closed 1986 Flows rejected 1988 Flows modified 1990 Flow mods rejected 1992 Max simultaneous flows 1994 Nonconforming packets scheduled 1996 Nonconforming packets scheduled/sec 1998 Nonconforming packets transmitted 2000 Nonconforming packets transmitted/sec 2002 Average packets in shaper 2004 Max packets in shaper 2006 Average packets in sequencer 2008 Max packets in sequencer 2010 Max packets in netcard 2012 Average packets in netcard 2014 RAS Port 2016 Bytes Transmitted 2018 Bytes Received 2020 Frames Transmitted 2022 Frames Received 2024 Percent Compression Out 2026 Percent Compression In 2028 CRC Errors 2030 Timeout Errors 2032 Serial Overrun Errors 2034 Alignment Errors 2036 Buffer Overrun Errors 2038 Total Errors 2040 Bytes Transmitted/Sec 2042 Bytes Received/Sec 2044 Frames Transmitted/Sec 2046 Frames Received/Sec 2048 Total Errors/Sec 2050 RAS Total 2052 Total Connections 2054 Terminal Services Session 2056 Input WdBytes 2058 Input WdFrames 2060 Input WaitForOutBuf 2062 Input Frames 2064 Input Bytes 2066 Input Compressed Bytes 2068 Input Compress Flushes 2070 Input Errors 2072 Input Timeouts 2074 Input Async Frame Error 2076 Input Async Overrun 2078 Input Async Overflow 2080 Input Async Parity Error 2082 Input Transport Errors 2084 Output WdBytes 2086 Output WdFrames 2088 Output WaitForOutBuf 2090 Output Frames 2092 Output Bytes 2094 Output Compressed Bytes 2096 Output Compress Flushes 2098 Output Errors 2100 Output Timeouts 2102 Output Async Frame Error 2104 Output Async Overrun 2106 Output Async Overflow 2108 Output Async Parity Error 2110 Output Transport Errors 2112 Total WdBytes 2114 Total WdFrames 2116 Total 
WaitForOutBuf 2118 Total Frames 2120 Total Bytes 2122 Total Compressed Bytes 2124 Total Compress Flushes 2126 Total Errors 2128 Total Timeouts 2130 Total Async Frame Error 2132 Total Async Overrun 2134 Total Async Overflow 2136 Total Async Parity Error 2138 Total Transport Errors 2140 Total Protocol Cache Reads 2142 Total Protocol Cache Hits 2144 Total Protocol Cache Hit Ratio 2146 Protocol Bitmap Cache Reads 2148 Protocol Bitmap Cache Hits 2150 Protocol Bitmap Cache Hit Ratio 2152 Protocol Glyph Cache Reads 2154 Protocol Glyph Cache Hits 2156 Protocol Glyph Cache Hit Ratio 2158 Protocol Brush Cache Reads 2160 Protocol Brush Cache Hits 2162 Protocol Brush Cache Hit Ratio 2164 Protocol Save Screen Bitmap Cache Reads 2166 Protocol Save Screen Bitmap Cache Hits 2168 Protocol Save Screen Bitmap Cache Hit Ratio 2170 Input Compression Ratio 2172 Output Compression Ratio 2174 Total Compression Ratio 2176 Terminal Services 2178 Total Sessions 2180 Active Sessions 2182 Inactive Sessions 2184 Distributed Transaction Coordinator 2186 Active Transactions 2188 Committed Transactions 2190 Aborted Transactions 2192 In Doubt Transactions 2194 Active Transactions Maximum 2196 Force Committed Transactions 2198 Force Aborted Transactions 2200 Response Time -- Minimum 2202 Response Time -- Average 2204 Response Time -- Maximum 2206 Transactions/sec 2208 Committed Transactions/sec 2210 Aborted Transactions/sec 2218 .NET CLR Networking 2220 Connections Established 2222 Bytes Received 2224 Bytes Sent 2226 Datagrams Received 2228 Datagrams Sent 2230 .NET CLR Data 2232 SqlClient: Current # pooled and nonpooled connections 2234 SqlClient: Current # pooled connections 2236 SqlClient: Current # connection pools 2238 SqlClient: Peak # pooled connections 2240 SqlClient: Total # failed connects 2242 SqlClient: Total # failed commands 2244 .NET CLR Memory 2246 # Gen 0 Collections 2248 # Gen 1 Collections 2250 # Gen 2 Collections 2252 Promoted Memory from Gen 0 2254 Promoted Memory from Gen 1 2256 
Gen 0 Promoted Bytes/Sec 2258 Gen 1 Promoted Bytes/Sec 2260 Promoted Finalization-Memory from Gen 0 2262 Promoted Finalization-Memory from Gen 1 2264 Gen 0 heap size 2266 Gen 1 heap size 2268 Gen 2 heap size 2270 Large Object Heap size 2272 Finalization Survivors 2274 # GC Handles 2276 Allocated Bytes/sec 2278 # Induced GC 2280 % Time in GC 2282 Not Displayed 2284 # Bytes in all Heaps 2286 # Total committed Bytes 2288 # Total reserved Bytes 2290 # of Pinned Objects 2292 # of Sink Blocks in use 2294 .NET CLR Loading 2296 Total Classes Loaded 2298 % Time Loading 2300 Assembly Search Length 2302 Total # of Load Failures 2304 Rate of Load Failures 2306 Bytes in Loader Heap 2308 Total appdomains unloaded 2310 Rate of appdomains unloaded 2312 Current Classes Loaded 2314 Rate of Classes Loaded 2316 Current appdomains 2318 Total Appdomains 2320 Rate of appdomains 2322 Current Assemblies 2324 Total Assemblies 2326 Rate of Assemblies 2328 .NET CLR Jit 2330 # of Methods Jitted 2332 # of IL Bytes Jitted 2334 Total # of IL Bytes Jitted 2336 IL Bytes Jitted / sec 2338 Standard Jit Failures 2340 % Time in Jit 2342 Not Displayed 2344 .NET CLR Interop 2346 # of CCWs 2348 # of Stubs 2350 # of marshalling 2352 # of TLB imports / sec 2354 # of TLB exports / sec 2356 .NET CLR LocksAndThreads 2358 Total # of Contentions 2360 Contention Rate / sec 2362 Current Queue Length 2364 Queue Length Peak 2366 Queue Length / sec 2368 # of current logical Threads 2370 # of current physical Threads 2372 # of current recognized threads 2374 # of total recognized threads 2376 rate of recognized threads / sec 2378 .NET CLR Security 2380 Total Runtime Checks 2382 % Time Sig. 
Authenticating 2384 # Link Time Checks 2386 % Time in RT checks 2388 Not Displayed 2390 Stack Walk Depth 2392 .NET CLR Remoting 2394 Remote Calls/sec 2396 Channels 2398 Context Proxies 2400 Context-Bound Classes Loaded 2402 Context-Bound Objects Alloc / sec 2404 Contexts 2406 Total Remote Calls 2408 .NET CLR Exceptions 2410 # of Exceps Thrown 2412 # of Exceps Thrown / sec 2414 # of Filters / sec 2416 # of Finallys / sec 2418 Throw To Catch Depth / sec 2420 Indexing Service 2422 Word lists 2424 Saved indexes 2426 Index size (MB) 2428 Files to be indexed 2430 Unique keys 2432 Running queries 2434 Merge progress 2436 # documents indexed 2438 Total # documents 2440 Total # of queries 2442 Deferred for indexing 2444 Indexing Service Filter 2446 Total indexing speed (MB/hr) 2448 Binding time (msec) 2450 Indexing speed (MB/hr) 2452 Http Indexing Service 2454 Cache items 2456 % Cache hits 2458 Total cache accesses 1 2460 % Cache misses 2462 Total cache accesses 2 2464 Active queries 2466 Total queries 2468 Queries per minute 2470 Current requests queued 2472 Total requests rejected 3070 MSSQL$VAIO_VEDB:Buffer Manager 3072 Reserved pages 3074 Checkpoint pages/sec 3076 AWE lookup maps/sec 3078 Page writes/sec 3080 Total pages 3082 AWE unmap calls/sec 3084 Target pages 3086 AWE unmap pages/sec 3088 Buffer cache hit ratio base 3090 Free list stalls/sec 3092 Database pages 3094 Page life expectancy 3096 Buffer cache hit ratio 3098 AWE write maps/sec 3100 Page lookups/sec 3102 Stolen pages 3104 Page reads/sec 3106 Free pages 3108 Lazy writes/sec 3110 Readahead pages/sec 3112 AWE stolen maps/sec 3114 Procedure cache pages 3116 MSSQL$VAIO_VEDB:Buffer Partition 3118 Free pages 3120 Free list requests/sec 3122 Free list empty/sec 3124 MSSQL$VAIO_VEDB:General Statistics 3126 Logins/sec 3128 Logouts/sec 3130 User Connections 3132 MSSQL$VAIO_VEDB:Locks 3134 Lock Wait Time (ms) 3136 Lock Waits/sec 3138 Average Wait Time Base 3140 Number of Deadlocks/sec 3142 Lock Timeouts/sec 3144 Lock 
Requests/sec 3146 Average Wait Time (ms) 3148 MSSQL$VAIO_VEDB:Databases 3150 Repl. Pending Xacts 3152 DBCC Logical Scan Bytes/sec 3154 Repl. Trans. Rate 3156 Log File(s) Size (KB) 3158 Log Truncations 3160 Percent Log Used 3162 Log Shrinks 3164 Bulk Copy Throughput/sec 3166 Log Flush Wait Time 3168 Active Transactions 3170 Log Cache Reads/sec 3172 Log Flush Waits/sec 3174 Backup/Restore Throughput/sec 3176 Shrink Data Movement Bytes/sec 3178 Log Growths 3180 Transactions/sec 3182 Log Cache Hit Ratio Base 3184 Log Bytes Flushed/sec 3186 Log File(s) Used Size (KB) 3188 Log Cache Hit Ratio 3190 Data File(s) Size (KB) 3192 Bulk Copy Rows/sec 3194 Log Flushes/sec 3196 MSSQL$VAIO_VEDB:Latches 3198 Total Latch Wait Time (ms) 3200 Latch Waits/sec 3202 Average Latch Wait Time (ms) 3204 Average Latch Wait Time Base 3206 MSSQL$VAIO_VEDB:Access Methods 3208 Extents Allocated/sec 3210 Worktables Created/sec 3212 Skipped Ghosted Records/sec 3214 Full Scans/sec 3216 Pages Allocated/sec 3218 Page Splits/sec 3220 Mixed page allocations/sec 3222 Extent Deallocations/sec 3224 Probe Scans/sec 3226 FreeSpace Page Fetches/sec 3228 Worktables From Cache Base 3230 Table Lock Escalations/sec 3232 Page Deallocations/sec 3234 Worktables From Cache Ratio 3236 Index Searches/sec 3238 FreeSpace Scans/sec 3240 Forwarded Records/sec 3242 Workfiles Created/sec 3244 Scan Point Revalidations/sec 3246 Range Scans/sec 3248 MSSQL$VAIO_VEDB:SQL Statistics 3250 Auto-Param Attempts/sec 3252 Batch Requests/sec 3254 SQL Re-Compilations/sec 3256 Unsafe Auto-Params/sec 3258 SQL Compilations/sec 3260 Failed Auto-Params/sec 3262 Safe Auto-Params/sec 3264 MSSQL$VAIO_VEDB:Cache Manager 3266 Cache Use Counts/sec 3268 Cache Hit Ratio Base 3270 Cache Object Counts 3272 Cache Hit Ratio 3274 Cache Pages 3276 MSSQL$VAIO_VEDB:Memory Manager 3278 Maximum Workspace Memory (KB) 3280 Connection Memory (KB) 3282 Memory Grants Pending 3284 Granted Workspace Memory (KB) 3286 SQL Cache Memory (KB) 3288 Optimizer Memory (KB) 
3290 Lock Blocks 3292 Total Server Memory (KB) 3294 Lock Owner Blocks Allocated 3296 Lock Memory (KB) 3298 Lock Blocks Allocated 3300 Target Server Memory(KB) 3302 Lock Owner Blocks 3304 Memory Grants Outstanding 3306 MSSQL$VAIO_VEDB:User Settable 3308 Query 3310 MSSQL$VAIO_VEDB:Replication Agents 3312 Running 3314 MSSQL$VAIO_VEDB:Replication Merge 3316 Conflicts/sec 3318 Uploaded Changes/sec 3320 Downloaded Changes/sec 3322 MSSQL$VAIO_VEDB:Replication Logreader 3324 Logreader:Delivery Latency 3326 Logreader:Delivered Trans/sec 3328 Logreader:Delivered Cmds/sec 3330 MSSQL$VAIO_VEDB:Replication Dist. 3332 Dist:Delivered Trans/sec 3334 Dist:Delivery Latency 3336 Dist:Delivered Cmds/sec 3338 MSSQL$VAIO_VEDB:Replication Snapshot 3340 Snapshot:Delivered Trans/sec 3342 Snapshot:Delivered Cmds/sec 3344 MSSQL$VAIO_VEDB:Backup Device 3346 Device Throughput Bytes/sec 3958 .NET Data Provider for Oracle 3960 HardConnectsPerSecond 3962 HardDisconnectsPerSecond 3964 SoftConnectsPerSecond 3966 SoftDisconnectsPerSecond 3968 NumberOfNonPooledConnections 3970 NumberOfPooledConnections 3972 NumberOfActiveConnectionPoolGroups 3974 NumberOfInactiveConnectionPoolGroups 3976 NumberOfActiveConnectionPools 3978 NumberOfInactiveConnectionPools 3980 NumberOfActiveConnections 3982 NumberOfFreeConnections 3984 NumberOfStasisConnections 3986 NumberOfReclaimedConnections 3988 .NET Data Provider for SqlServer 3990 HardConnectsPerSecond 3992 HardDisconnectsPerSecond 3994 SoftConnectsPerSecond 3996 SoftDisconnectsPerSecond 3998 NumberOfNonPooledConnections 4000 NumberOfPooledConnections 4002 NumberOfActiveConnectionPoolGroups 4004 NumberOfInactiveConnectionPoolGroups 4006 NumberOfActiveConnectionPools 4008 NumberOfInactiveConnectionPools 4010 NumberOfActiveConnections 4012 NumberOfFreeConnections 4014 NumberOfStasisConnections 4016 NumberOfReclaimedConnections 5196 ASP.NET State Service 5402 State Server Sessions Active 5404 State Server Sessions Abandoned 5406 State Server Sessions Timed Out 5408 
State Server Sessions Total 5410 ASP.NET v2.0.50727 5412 ASP.NET Apps v2.0.50727 5414 Application Restarts 5416 Applications Running 5418 Requests Disconnected 5420 Request Execution Time 5422 Requests Rejected 5424 Requests Queued 5426 Worker Processes Running 5428 Worker Process Restarts 5430 Request Wait Time 5432 State Server Sessions Active 5434 State Server Sessions Abandoned 5436 State Server Sessions Timed Out 5438 State Server Sessions Total 5440 Requests Current 5442 Audit Success Events Raised 5444 Audit Failure Events Raised 5446 Error Events Raised 5448 Request Error Events Raised 5450 Infrastructure Error Events Raised 5452 Anonymous Requests 5454 Anonymous Requests/Sec 5456 Cache Total Entries 5458 Cache Total Turnover Rate 5460 Cache Total Hits 5462 Cache Total Misses 5464 Cache Total Hit Ratio 5466 Cache Total Hit Ratio Base 5468 Cache API Entries 5470 Cache API Turnover Rate 5472 Cache API Hits 5474 Cache API Misses 5476 Cache API Hit Ratio 5478 Cache API Hit Ratio Base 5480 Output Cache Entries 5482 Output Cache Turnover Rate 5484 Output Cache Hits 5486 Output Cache Misses 5488 Output Cache Hit Ratio 5490 Output Cache Hit Ratio Base 5492 Compilations Total 5494 Debugging Requests 5496 Errors During Preprocessing 5498 Errors During Compilation 5500 Errors During Execution 5502 Errors Unhandled During Execution 5504 Errors Unhandled During Execution/Sec 5506 Errors Total 5508 Errors Total/Sec 5510 Pipeline Instance Count 5512 Request Bytes In Total 5514 Request Bytes Out Total 5516 Requests Executing 5518 Requests Failed 5520 Requests Not Found 5522 Requests Not Authorized 5524 Requests In Application Queue 5526 Requests Timed Out 5528 Requests Succeeded 5530 Requests Total 5532 Requests/Sec 5534 Sessions Active 5536 Sessions Abandoned 5538 Sessions Timed Out 5540 Sessions Total 5542 Transactions Aborted 5544 Transactions Committed 5546 Transactions Pending 5548 Transactions Total 5550 Transactions/Sec 5552 Session State Server connections total 
5554 Session SQL Server connections total 5556 Events Raised 5558 Events Raised/Sec 5560 Application Lifetime Events 5562 Application Lifetime Events/Sec 5564 Error Events Raised 5566 Error Events Raised/Sec 5568 Request Error Events Raised 5570 Request Error Events Raised/Sec 5572 Infrastructure Error Events Raised 5574 Infrastructure Error Events Raised/Sec 5576 Request Events Raised 5578 Request Events Raised/Sec 5580 Audit Success Events Raised 5582 Audit Failure Events Raised 5584 Membership Authentication Success 5586 Membership Authentication Failure 5588 Forms Authentication Success 5590 Forms Authentication Failure 5592 Viewstate MAC Validation Failure 5594 Request Execution Time 5596 Requests Disconnected 5598 Requests Rejected 5600 Request Wait Time 5602 Cache % Machine Memory Limit Used 5604 Cache % Machine Memory Limit Used Base 5606 Cache % Process Memory Limit Used 5608 Cache % Process Memory Limit Used Base 5610 Cache Total Trims 5612 Cache API Trims 5614 Output Cache Trims 5616 ASP.NET 5618 ASP.NET Applications 5620 Application Restarts 5622 Applications Running 5624 Requests Disconnected 5626 Request Execution Time 5628 Requests Rejected 5630 Requests Queued 5632 Worker Processes Running 5634 Worker Process Restarts 5636 Request Wait Time 5638 State Server Sessions Active 5640 State Server Sessions Abandoned 5642 State Server Sessions Timed Out 5644 State Server Sessions Total 5646 Requests Current 5648 Audit Success Events Raised 5650 Audit Failure Events Raised 5652 Error Events Raised 5654 Request Error Events Raised 5656 Infrastructure Error Events Raised 5658 Anonymous Requests 5660 Anonymous Requests/Sec 5662 Cache Total Entries 5664 Cache Total Turnover Rate 5666 Cache Total Hits 5668 Cache Total Misses 5670 Cache Total Hit Ratio 5672 Cache Total Hit Ratio Base 5674 Cache API Entries 5676 Cache API Turnover Rate 5678 Cache API Hits 5680 Cache API Misses 5682 Cache API Hit Ratio 5684 Cache API Hit Ratio Base 5686 Output Cache Entries 5688 
Output Cache Turnover Rate 5690 Output Cache Hits 5692 Output Cache Misses 5694 Output Cache Hit Ratio 5696 Output Cache Hit Ratio Base 5698 Compilations Total 5700 Debugging Requests 5702 Errors During Preprocessing 5704 Errors During Compilation 5706 Errors During Execution 5708 Errors Unhandled During Execution 5710 Errors Unhandled During Execution/Sec 5712 Errors Total 5714 Errors Total/Sec 5716 Pipeline Instance Count 5718 Request Bytes In Total 5720 Request Bytes Out Total 5722 Requests Executing 5724 Requests Failed 5726 Requests Not Found 5728 Requests Not Authorized 5730 Requests In Application Queue 5732 Requests Timed Out 5734 Requests Succeeded 5736 Requests Total 5738 Requests/Sec 5740 Sessions Active 5742 Sessions Abandoned 5744 Sessions Timed Out 5746 Sessions Total 5748 Transactions Aborted 5750 Transactions Committed 5752 Transactions Pending 5754 Transactions Total 5756 Transactions/Sec 5758 Session State Server connections total 5760 Session SQL Server connections total 5762 Events Raised 5764 Events Raised/Sec 5766 Application Lifetime Events 5768 Application Lifetime Events/Sec 5770 Error Events Raised 5772 Error Events Raised/Sec 5774 Request Error Events Raised 5776 Request Error Events Raised/Sec 5778 Infrastructure Error Events Raised 5780 Infrastructure Error Events Raised/Sec 5782 Request Events Raised 5784 Request Events Raised/Sec 5786 Audit Success Events Raised 5788 Audit Failure Events Raised 5790 Membership Authentication Success 5792 Membership Authentication Failure 5794 Forms Authentication Success 5796 Forms Authentication Failure 5798 Viewstate MAC Validation Failure 5800 Request Execution Time 5802 Requests Disconnected 5804 Requests Rejected 5806 Request Wait Time 5808 Cache % Machine Memory Limit Used 5810 Cache % Machine Memory Limit Used Base 5812 Cache % Process Memory Limit Used 5814 Cache % Process Memory Limit Used Base 5816 Cache Total Trims 5818 Cache API Trims 5820 Output Cache Trims 5822 Windows Workflow 
Foundation 5824 Workflows Created 5826 Workflows Created/sec 5828 Workflows Unloaded 5830 Workflows Unloaded/sec 5832 Workflows Loaded 5834 Workflows Loaded/sec 5836 Workflows Completed 5838 Workflows Completed/sec 5840 Workflows Suspended 5842 Workflows Suspended/sec 5844 Workflows Terminated 5846 Workflows Terminated/sec 5848 Workflows In Memory 5850 Workflows Aborted 5852 Workflows Aborted/sec 5854 Workflows Persisted 5856 Workflows Persisted/sec 5858 Workflows Executing 5860 Workflows Idle/sec 5862 Workflows Runnable 5864 Workflows Pending 5866 ServiceModelEndpoint 3.0.0.0 5868 Calls 5870 Calls Per Second 5872 Calls Outstanding 5874 Calls Failed 5876 Calls Failed Per Second 5878 Calls Faulted 5880 Calls Faulted Per Second 5882 Calls Duration 5884 Calls Duration Base 5886 Transactions Flowed 5888 Transactions Flowed Per Second 5890 Security Validation and Authentication Failures 5892 Security Validation and Authentication Failures Per Second 5894 Security Calls Not Authorized 5896 Security Calls Not Authorized Per Second 5898 Reliable Messaging Sessions Faulted 5900 Reliable Messaging Sessions Faulted Per Second 5902 Reliable Messaging Messages Dropped 5904 Reliable Messaging Messages Dropped Per Second 5906 ServiceModelOperation 3.0.0.0 5908 Calls 5910 Calls Per Second 5912 Calls Outstanding 5914 Calls Failed 5916 Call Failed Per Second 5918 Calls Faulted 5920 Calls Faulted Per Second 5922 Calls Duration 5924 Calls Duration Base 5926 Transactions Flowed 5928 Transactions Flowed Per Second 5930 Security Validation and Authentication Failures 5932 Security Validation and Authentication Failures Per Second 5934 Security Calls Not Authorized 5936 Security Calls Not Authorized Per Second 5938 ServiceModelService 3.0.0.0 5940 Calls 5942 Calls Per Second 5944 Calls Outstanding 5946 Calls Failed 5948 Calls Failed Per Second 5950 Calls Faulted 5952 Calls Faulted Per Second 5954 Calls Duration 5956 Calls Duration Base 5958 Transactions Flowed 5960 Transactions Flowed Per 
Second 5962 Transacted Operations Committed 5964 Transacted Operations Committed Per Second 5966 Transacted Operations Aborted 5968 Transacted Operations Aborted Per Second 5970 Transacted Operations In Doubt 5972 Transacted Operations In Doubt Per Second 5974 Security Validation and Authentication Failures 5976 Security Validation and Authentication Failures Per Second 5978 Security Calls Not Authorized 5980 Security Calls Not Authorized Per Second 5982 Instances 5984 Instances Created Per Second 5986 Reliable Messaging Sessions Faulted 5988 Reliable Messaging Sessions Faulted Per Second 5990 Reliable Messaging Messages Dropped 5992 Reliable Messaging Messages Dropped Per Second 5994 Queued Poison Messages 5996 Queued Poison Messages Per Second 5998 Queued Messages Rejected 6000 Queued Messages Rejected Per Second 6002 Queued Messages Dropped 6004 Queued Messages Dropped Per Second 6006 SMSvcHost 3.0.0.0 6008 Protocol Failures over net.tcp 6010 Protocol Failures over net.pipe 6012 Dispatch Failures over net.tcp 6014 Dispatch Failures over net.pipe 6016 Connections Dispatched over net.tcp 6018 Connections Dispatched over net.pipe 6020 Connections Accepted over net.tcp 6022 Connections Accepted over net.pipe 6024 Registrations Active for net.tcp 6026 Registrations Active for net.pipe 6028 Uris Registered for net.tcp 6030 Uris Registered for net.pipe 6032 Uris Unregistered for net.tcp 6034 Uris Unregistered for net.pipe 6036 MSDTC Bridge 3.0.0.0 6038 Message send failures/sec 6040 Prepare retry count/sec 6042 Commit retry count/sec 6044 Prepared retry count/sec 6046 Replay retry count/sec 6048 Faults received count/sec 6050 Faults sent count/sec 6052 Average participant prepare response time 6054 Average participant prepare response time Base 6056 Average participant commit response time 6058 Average participant commit response time Base 6060 WMI Objects 6062 HiPerf Classes 6064 HiPerf Validity 6066 BatteryStatus 6068 ChargeRate 6070 DischargeRate 6072 
RemainingCapacity 6074 Tag 6076 Voltage 6078 ProcessorPerformance 6080 frequency 6082 percentage 6084 power 6086 ASP.NET v1.1.4322 6088 ASP.NET Apps v1.1.4322 6090 Application Restarts 6092 Applications Running 6094 Requests Disconnected 6096 Request Execution Time 6098 Requests Rejected 6100 Requests Queued 6102 Worker Processes Running 6104 Worker Process Restarts 6106 Request Wait Time 6108 State Server Sessions Active 6110 State Server Sessions Abandoned 6112 State Server Sessions Timed Out 6114 State Server Sessions Total 6116 Requests Current 6118 Anonymous Requests 6120 Anonymous Requests/Sec 6122 Cache Total Entries 6124 Cache Total Turnover Rate 6126 Cache Total Hits 6128 Cache Total Misses 6130 Cache Total Hit Ratio 6132 Cache Total Hit Ratio Base 6134 Cache API Entries 6136 Cache API Turnover Rate 6138 Cache API Hits 6140 Cache API Misses 6142 Cache API Hit Ratio 6144 Cache API Hit Ratio Base 6146 Output Cache Entries 6148 Output Cache Turnover Rate 6150 Output Cache Hits 6152 Output Cache Misses 6154 Output Cache Hit Ratio 6156 Output Cache Hit Ratio Base 6158 Compilations Total 6160 Debugging Requests 6162 Errors During Preprocessing 6164 Errors During Compilation 6166 Errors During Execution 6168 Errors Unhandled During Execution 6170 Errors Unhandled During Execution/Sec 6172 Errors Total 6174 Errors Total/Sec 6176 Pipeline Instance Count 6178 Request Bytes In Total 6180 Request Bytes Out Total 6182 Requests Executing 6184 Requests Failed 6186 Requests Not Found 6188 Requests Not Authorized 6190 Requests In Application Queue 6192 Requests Timed Out 6194 Requests Succeeded 6196 Requests Total 6198 Requests/Sec 6200 Sessions Active 6202 Sessions Abandoned 6204 Sessions Timed Out 6206 Sessions Total 6208 Transactions Aborted 6210 Transactions Committed 6212 Transactions Pending 6214 Transactions Total 6216 Transactions/Sec 6218 Session State Server connections total 6220 Session SQL Server connections total"
[HKEY_USERS\.DEFAULT\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\Avg\Avg8]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\Software\Avg]
[HKEY_USERS\S-1-5-19\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-20\Software\Avg]
[HKEY_USERS\S-1-5-20\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Adobe\Acrobat Reader\7.0\AVGeneral]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Adobe\Acrobat Reader\8.0\AVGeneral]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Search Assistant\ACMru\5603]
""000""=="avg"
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AVG Free 8.0]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-4018273451-2680207556-3909945764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\Avg\Avg8]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
-=End Of File=-
Shall I just run ComboFix? It might work as AVG is clearly not installed, might just be a bug?
Hi Dave
Shall I just run combofix?
yes do it..........
Thanks peku006
ComboFix 09-06-16.02 - Dave 17/06/2009 7:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.581 [GMT 1:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090616-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dave\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\kb913800.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_OREANS32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-14 18:42 . 2009-06-14 18:42 -------- d-----w- c:\documents and settings\Dave\Application Data\AVG8
2009-06-13 06:29 . 2009-06-13 06:29 -------- d-----w- C:\rsit
2009-06-13 06:26 . 2009-06-13 06:26 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-06-13 06:26 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 06:26 . 2009-06-13 06:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 06:26 . 2009-06-13 06:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 06:26 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 08:30 . 2009-06-12 08:30 -------- d-----w- c:\program files\ERUNT
2009-06-12 07:30 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-12 07:30 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-12 07:30 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-12 07:30 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-12 07:30 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-12 07:30 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-12 07:30 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-12 07:30 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-12 07:29 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-11 11:14 . 2009-06-11 11:14 -------- d-----w- C:\EmergencyUtils
2009-06-11 10:59 . 2009-06-13 06:29 -------- d-----w- c:\program files\Trend Micro
2009-06-11 10:00 . 2009-06-11 10:00 -------- d-----w- c:\program files\Alwil Software
2009-06-08 06:18 . 2009-06-08 06:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-28 16:01 . 2009-05-28 16:01 -------- d-----w- c:\documents and settings\Dave\Application Data\dvdcss
2009-05-27 07:11 . 2009-05-27 07:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 07:11 . 2009-05-27 07:11 152576 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-05-19 18:05 . 2009-05-19 18:05 32 --s-a-w- c:\windows\system32\3698531482.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 06:53 . 2008-12-14 08:38 -------- d-----w- c:\program files\DNA
2009-06-17 06:53 . 2008-12-14 08:38 -------- d-----w- c:\documents and settings\Dave\Application Data\DNA
2009-06-17 06:42 . 2007-02-01 10:03 -------- d-----w- c:\program files\Steam
2009-06-14 21:58 . 2009-03-26 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-14 18:46 . 2009-02-01 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-06-13 15:34 . 2006-12-19 15:29 -------- d-----w- c:\program files\MSN Messenger
2009-06-11 06:16 . 2006-12-19 12:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 17:55 . 2008-12-14 08:44 -------- d-----w- c:\documents and settings\Dave\Application Data\BitTorrent
2009-06-08 17:52 . 2006-07-26 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 19:29 . 2008-11-11 10:10 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
2009-05-27 07:11 . 2006-07-26 11:14 -------- d-----w- c:\program files\Java
2009-05-19 18:22 . 2006-12-19 15:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-18 21:00 . 2008-11-04 18:35 81488 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 16:17 . 2009-04-25 08:08 -------- d-----w- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-05-18 16:17 . 2009-04-25 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
2009-05-14 18:08 . 2009-05-14 18:08 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys
2009-05-14 16:47 . 2009-05-14 16:47 -------- d-----w- c:\documents and settings\Dave\Application Data\MozillaControl
2009-05-10 21:56 . 2009-05-10 21:56 -------- d-----w- c:\documents and settings\Dave\Application Data\Apple Computer
2009-05-10 21:56 . 2009-05-10 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-10 21:56 . 2009-05-10 21:55 -------- d-----w- c:\program files\iTunes
2009-05-10 21:55 . 2009-05-10 21:55 -------- d-----w- c:\program files\iPod
2009-05-10 21:55 . 2009-05-10 21:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-10 21:53 . 2009-05-10 21:52 -------- d-----w- c:\program files\QuickTime
2009-05-10 21:52 . 2006-12-29 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-10 21:50 . 2009-05-10 21:50 -------- d-----w- c:\program files\Apple Software Update
2009-05-10 21:50 . 2009-05-10 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-07 15:32 . 2006-07-25 08:28 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 08:57 . 2009-05-05 08:57 -------- d-----w- c:\documents and settings\Dave\Application Data\DivX
2009-05-01 11:56 . 2007-01-20 19:32 -------- d-----w- c:\program files\DivX
2009-05-01 11:55 . 2009-05-01 11:55 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-01 11:38 . 2009-05-01 11:38 -------- d-----w- c:\documents and settings\Dave\Application Data\vlc
2009-05-01 11:37 . 2009-05-01 11:37 -------- d-----w- c:\program files\VideoLAN
2009-04-29 04:46 . 2006-07-25 08:29 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2006-07-25 08:28 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 07:53 . 2009-04-27 07:53 -------- d-----w- c:\documents and settings\Dave\Application Data\AccurateRip
2009-04-27 07:53 . 2009-04-27 07:53 -------- d-----w- c:\program files\Illustrate
2009-04-27 07:52 . 2009-04-27 07:53 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w- c:\documents and settings\Dave\Application Data\Samsung
2009-04-26 18:00 . 2009-04-26 17:34 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-04-26 17:32 . 2009-04-26 17:32 -------- d-----w- c:\program files\Samsung
2009-04-25 08:11 . 2006-07-26 11:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-22 21:13 . 2009-04-22 21:13 -------- d-----w- c:\documents and settings\Dave\Application Data\gtk-2.0
2009-04-17 12:26 . 2006-07-25 08:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:25 . 2009-05-01 11:56 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2006-07-26 11:17 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2006-07-26 11:17 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-11-03 03:00 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 14:51 . 2006-07-25 08:29 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 15:29 . 2009-04-02 15:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-26 14:23 . 2009-05-10 21:55 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 14:23 . 2009-05-10 21:55 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 15:32 . 2009-05-10 21:56 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-14 342848]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Dave\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pulg666\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\eHome\\ehmsas.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHsp.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHid.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Sony\\VAIO Update 4\\VAIOUpdt.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\Apoint\\ApntEx.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"7499:TCP"= 7499:TCP:BitComet 7499 TCP
"7499:UDP"= 7499:UDP:BitComet 7499 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/06/2009 08:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2009 08:30 20560]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [25/07/2006 09:30 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [25/07/2006 09:30 226304]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [19/12/2006 14:53 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [19/12/2006 14:53 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [19/12/2006 14:53 65152]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Search - ?p=ZKfox000
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 07:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(2256)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CF23003.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-06-17 7:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 06:59
Pre-Run: 30,347,968,512 bytes free
Post-Run: 30,384,369,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
287 --- E O F --- 2009-06-14 21:59
Hi Dave
it seems that you still have AVG Anti-Virus Free installed on your computer........
please try running the avg removal tool from Kaspersky (AVG8_Kleaner.exe), which can be downloaded from here (http://support.kaspersky.com/kis2009/install?qid=208279831)
remove all P2P programs also (c:\program files\DNA)
After that, please run RSIT again and post the RSIT log.txt here.
Thanks peku006
OK, it said Grisoft AVG has successfully been removed. I rebooted, uninstalled BitTorrent and DNA, and here is the log :)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-06-17 16:59:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 1022 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:08, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\Desktop\RSIT.exe
C:\Program Files\trend micro\Dave.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
--
End of file - 10106 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-27 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-08 7561216]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"VAIOCameraUtility"=C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-06-27 217088]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-03-03 483328]
"VAIO Update 4"=C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-08-24 870240]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-27 136600]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-05-08 81920]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2006-02-02 1753088]
C:\Documents and Settings\Dave\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\SteamApps\pulg666\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\pulg666\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Disabled:ENABLE"
"C:\WINDOWS\eHome\ehmsas.exe"="C:\WINDOWS\eHome\ehmsas.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe:*:Disabled:ENABLE"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe:*:Disabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe"="C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe:*:Disabled:ENABLE"
"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe:*:Disabled:ENABLE"
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe:*:Disabled:ENABLE"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Disabled:ENABLE"
"C:\Program Files\Apoint\Apoint.exe"="C:\Program Files\Apoint\Apoint.exe:*:Disabled:ENABLE"
"C:\Program Files\Apoint\ApntEx.exe"="C:\Program Files\Apoint\ApntEx.exe:*:Disabled:ENABLE"
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe:*:Disabled:ENABLE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-06-17 07:59:15 ----A---- C:\ComboFix.txt
2009-06-17 07:45:56 ----A---- C:\Boot.bak
2009-06-17 07:45:47 ----RASHD---- C:\cmdcons
2009-06-17 07:44:06 ----A---- C:\WINDOWS\zip.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\SWSC.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\SWREG.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\sed.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\PEV.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-17 07:44:06 ----A---- C:\WINDOWS\grep.exe
2009-06-17 07:43:59 ----A---- C:\WINDOWS\system32\CF23003.exe
2009-06-14 19:42:22 ----D---- C:\Documents and Settings\Dave\Application Data\AVG8
2009-06-14 17:23:32 ----D---- C:\Qoobox
2009-06-13 07:29:10 ----D---- C:\rsit
2009-06-13 07:26:27 ----D---- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2009-06-13 07:26:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-13 07:26:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-12 09:30:50 ----D---- C:\WINDOWS\ERDNT
2009-06-12 09:30:15 ----D---- C:\Program Files\ERUNT
2009-06-12 08:29:48 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-06-12 08:06:41 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-11 12:14:22 ----D---- C:\EmergencyUtils
2009-06-11 11:59:52 ----D---- C:\Program Files\Trend Micro
2009-06-11 11:28:35 ----D---- C:\WINDOWS\pss
2009-06-11 11:00:45 ----D---- C:\Program Files\Alwil Software
2009-06-11 07:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 07:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 07:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 07:14:21 ----A---- C:\WINDOWS\system32\MRT.INI
2009-06-11 07:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 07:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-28 17:01:36 ----D---- C:\Documents and Settings\Dave\Application Data\dvdcss
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\java.exe
2009-05-27 08:11:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-20 16:58:41 ----A---- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests Uninstall Log.txt
======List of files/folders modified in the last 1 months======
2009-06-17 16:59:57 ----D---- C:\WINDOWS\Prefetch
2009-06-17 16:59:30 ----RD---- C:\Program Files
2009-06-17 16:57:43 ----D---- C:\Program Files\Mozilla Firefox
2009-06-17 16:57:19 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2009-06-17 16:57:14 ----A---- C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2009-06-17 16:57:13 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem #2.txt
2009-06-17 16:57:11 ----D---- C:\WINDOWS\Temp
2009-06-17 16:57:11 ----D---- C:\WINDOWS
2009-06-17 16:56:41 ----D---- C:\WINDOWS\Registration
2009-06-17 16:55:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-17 16:54:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-17 08:03:16 ----D---- C:\Program Files\Steam
2009-06-17 07:59:18 ----D---- C:\WINDOWS\system32\drivers
2009-06-17 07:54:06 ----A---- C:\WINDOWS\system.ini
2009-06-17 07:53:56 ----D---- C:\WINDOWS\system32
2009-06-17 07:51:03 ----D---- C:\WINDOWS\system32\config
2009-06-17 07:49:48 ----D---- C:\WINDOWS\AppPatch
2009-06-17 07:49:43 ----D---- C:\Program Files\Common Files
2009-06-17 07:45:56 ----RASH---- C:\boot.ini
2009-06-14 22:59:00 ----SHD---- C:\WINDOWS\Installer
2009-06-14 22:59:00 ----D---- C:\Config.Msi
2009-06-14 22:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-14 19:48:01 ----SD---- C:\Documents and Settings\Dave\Application Data\Microsoft
2009-06-14 19:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-06-13 16:34:28 ----D---- C:\Program Files\MSN Messenger
2009-06-11 13:23:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 12:45:39 ----A---- C:\WINDOWS\win.ini
2009-06-11 10:15:49 ----HD---- C:\WINDOWS\inf
2009-06-11 07:16:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 07:16:29 ----D---- C:\Program Files\Microsoft Works
2009-06-11 07:15:38 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 07:15:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-08 18:52:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-08 18:52:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-07 20:54:07 ----RD---- C:\WINDOWS\I386
2009-06-07 20:54:07 ----D---- C:\WINDOWS\Help
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 10:29:49 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2009-05-28 21:05:44 ----D---- C:\WINDOWS\network diagnostic
2009-05-27 20:29:19 ----D---- C:\Documents and Settings\Dave\Application Data\LimeWire
2009-05-27 08:11:35 ----D---- C:\Program Files\Java
2009-05-20 07:42:56 ----A---- C:\WINDOWS\WININIT.INI
2009-05-19 19:22:15 ----D---- C:\Program Files\World of Warcraft
2009-05-18 17:17:41 ----D---- C:\Program Files\Driving Test Success - All Tests (2008-2009)
2009-05-18 17:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\Driving Test Success
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-04-26 5632]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-08 3661312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 30080]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-25 1177032]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-03 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-12-29 234496]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-07-06 176128]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-02 88960]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-02 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface; C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2006-03-28 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface; C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2006-03-28 65152]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-03-28 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2009-05-14 27136]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 TSClient;Tatara Protocol Driver; C:\WINDOWS\system32\drivers\tsclient.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-27 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-08 143428]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-04-13 176128]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2005-01-04 398336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-18 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe []
-----------------EOF-----------------
Hi Dave
1 - Remove bad HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
2 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
3 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?
Thanks peku006
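An added example, not part of the original posts or of HijackThis itself: a small Python parser for the HijackThis line format that flags the two kinds of entry the helper asked to fix above, a ProxyServer value pointing at localhost and a component registered with "(no file)". The sample lines are copied from the logs in this thread; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis logs and fix list in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")  # "O2 - ...", "R1 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY = re.compile(r",ProxyServer\s*=\s*(?P<value>.+)$")
LOOPBACK = {"localhost", "127.0.0.1"}

@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

def proxy_hosts(value: str) -> List[str]:
    """Hosts from 'host:port' or 'proto=host:port;proto=host:port'."""
    hosts = []
    for part in value.split(";"):
        target = part.strip().split("=", 1)[-1]   # drop a leading "http="
        target = target.split("://", 1)[-1]       # drop a URL scheme if present
        if target:
            hosts.append(target.rsplit(":", 1)[0].lower())
    return hosts

def parse(log: str) -> List[Entry]:
    """Parse coded entries; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entry = Entry(m.group("code"), body, clsid.group(0) if clsid else None)
        proxy = PROXY.search(body)
        if proxy and any(h in LOOPBACK for h in proxy_hosts(proxy.group("value"))):
            entry.reasons.append("proxy set to a loopback address")
        if body.rstrip().endswith("(no file)"):
            entry.reasons.append("registered file is missing")
        entries.append(entry)
    return entries

def flagged(log: str) -> List[Entry]:
    return [e for e in parse(log) if e.reasons]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.code, "|", "; ".join(e.reasons), "|", e.body)
```

A flagged line is a candidate for review, not a verdict; the missing-file check only reports what the log itself states.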
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 18:46:42
Records in database: 2358044
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 93896
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:45:28
File name / Threat name / Threats count
C:\Program Files\ISP\Orange\Preload.EXE Infected: not-a-virus:AdWare.Win32.BHO.ahy 4
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:10, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Dave\Desktop\renamed.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
--
End of file - 9739 bytes
Hi, yes, my computer is now running much much much smoother and faster. I have no errors or any pop-ups any more, it's brilliant. Thank you so much for your help, it's much appreciated! Your work is amazing. Thank you so much.
One last thing: when I open the Task Manager (Ctrl+Alt+Del), it does not open fully. I have inserted a link to a screenshot showing what my Task Manager looks like.
http://img26.imageshack.us/i/taskmanagers.jpg/
Thanks again!
Hi Dave
Great that your computer works better......
I am not quite sure why your task manager is not working properly....let's try this
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box should briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.
Post back if it helped.
Thanks peku006
No, it did not seem to work :(
Wouldn't the infection be removed by doing all those scans?
Hi Dave
At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum like the Browsers, Internet & email forum (http://forums.whatthetech.com/Browsers_Internet_and_email_f123.html) at WhatTheTech (http://forums.whatthetech.com/forums.html). They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.
I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.
Thanks peku006
Hi Peku, ok I will do that, you have been the biggest help, thank you so much. I will donate some money for you guys because your volunteer work is excellent. Thanks.
Dave.
Hi Dave
The scans are fine and it looks like your machine is clean :yahoo:
Now let's uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.
Here are some free programs I recommend that could help you improve your computer's security.
Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Install SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.
Happy safe surfing! :bigthumb:
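An added example, not part of the original post or of the MVPS file: a Python audit of HOSTS-file content that shows the redirect-to-127.0.0.1 blocking described above and separately lists any name pinned to a non-local address, since the HOSTS file overrides DNS for every name it contains. The sample entries are constructed placeholders; treating 0.0.0.0 as a block and keeping the first mapping seen for a name are assumptions of this example.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.example.test  tracker.example.test   # two names on one line
0.0.0.0     banners.example.test
203.0.113.7 update.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return ({hostname: ip}, [unparseable lines]); '#' starts a comment."""
    mapping, skipped = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append(raw.strip())
            continue
        if len(fields) < 2:            # an address with no hostname maps nothing
            skipped.append(raw.strip())
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)   # assumption: first mapping wins
    return mapping, skipped

def audit(text):
    """Split entries into names blocked locally and names sent elsewhere."""
    mapping, skipped = parse_hosts(text)
    blocked, redirected = [], {}
    for name, ip in mapping.items():
        if name == "localhost":
            continue                   # the normal loopback entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)       # connection attempts stay on this machine
        else:
            redirected[name] = str(ip) # worth a manual look: overrides DNS
    return {"blocked": sorted(blocked), "redirected": redirected, "skipped": skipped}

def lookup(text, hostname):
    """Address the HOSTS content forces for hostname, or None (falls through to DNS)."""
    mapping, _ = parse_hosts(text)
    ip = mapping.get(hostname.lower())
    return str(ip) if ip is not None else None

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```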