View Full Version : about .blank



neil09
2011-12-03, 10:17
Help please.
Have run full scans with Malwarebytes, Spybot and AVG.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Harrison at 21:58:35 on 2011-12-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1698 [GMT 13:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\afasrv32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\tcnz\McciTrayApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nz.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [tcnz_McciTrayApp] c:\program files\tcnz\McciTrayApp.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\harrison\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: motive.com\ptcnztbc.tcnz
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S3 cpuz132;cpuz132;\??\c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2008-12-12 23552]
S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [2009-4-14 31104]
.
=============== Created Last 30 ================
.
2011-12-03 00:32:54 32824 ----a-w- c:\windows\system32\rrMon.sys
2011-12-03 00:32:48 -------- d-----w- c:\program files\Registrar Registry Manager
2011-11-20 19:15:26 -------- d-----w- c:\program files\Ghost Mouse Auto Clicker
2011-11-14 17:53:51 -------- d-----w- c:\documents and settings\all users\application data\DVD-Cloner
2011-11-14 17:53:46 -------- d-----w- c:\documents and settings\harrison\application data\DVD-Cloner
2011-11-14 17:53:43 -------- d-----w- c:\program files\DVD-Cloner
2011-11-13 08:15:19 -------- d-----w- c:\documents and settings\harrison\local settings\application data\WMTools Downloaded Files
2011-11-10 01:37:54 -------- d-----w- c:\windows\system32\cache
.
==================== Find3M ====================
.
2011-11-15 18:37:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-06 17:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-03 17:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-25 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-25 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-25 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 17:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:01:49.00 ===============

mambass
2011-12-06, 14:33
Hi Neil, :)

Welcome to Safer-Networking's Malware Removal forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.


If you haven't done so already, please read the topic BEFORE You POST (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.
The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
Please read all instructions carefully before executing them and perform the steps in the order given.
If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
You must have Administrator rights permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread. Do not start another thread.
The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
The logs I request can take a while to research so please be patient.
I am currently in training at Malware Removal University (http://www.malwareremoval.com/). Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.


Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.
Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass

neil09
2011-12-09, 14:12
Thanks for your help

mambass
2011-12-09, 16:02
Hi Neil,


"Thanks for your help"

You're welcome. :)


Punkbuster warning
I see you have Punkbuster (http://en.wikipedia.org/wiki/PunkBuster) installed (read the section on Published features). This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
Another option is to not clean this computer at all. This ensures Punkbuster will continue to function. If you choose this option then please mention that in your reply and you can ignore the remaining steps below.
Please let me know what you would like to do.


Description of problems
Please provide a description of the problems you are experiencing that have brought you here. The description does not need to be technically detailed but, if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful and you should include them.


Run a Scan with OTL

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer and save it to your desktop.
Double click on the OTL icon on your Desktop to run it.
Check the boxes labeled : Scan All Users
LOP check
Purity check
Extra Registry > Use SafeList
Make sure all other windows are closed to let it run uninterrupted.
Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Run a scan with GMER

Please download the GMER Rootkit Scanner from here (http://www2.gmer.net/download.php).
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than the System drive (which is typically C:\)
Show All (don't miss this one)
See image below
http://i314.photobucket.com/albums/ll435/melboy08/GMER_2.png

Then click the Scan button & wait for it to finish
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.


Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
Your decision concerning cleaning your system given PunkBuster is installed.
A description of the problems you are experiencing with this computer.
The contents of the OTL.txt and Extras.txt logs.
The contents of the Gmer.txt log.
After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.


mambass

neil09
2011-12-09, 22:28
mambass


Would like to remove Punkbuster. Don't know when or how it was installed on system.

Problem is that when I close and sometimes open a window with Explorer, about.blank starts loading pages.






OTL logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 08:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]

[2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
[2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search ()
CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15063 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 10:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
[2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/03 13:32:54 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2011/12/03 13:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager
[2011/12/03 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
[2011/11/16 08:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\I'm with You [Limited Edition]
[2011/11/15 06:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
[2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
[2011/11/15 06:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
[2011/11/13 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Local Settings\Application Data\WMTools Downloaded Files
[2011/11/10 14:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
[2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
[2011/12/10 10:04:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
[2011/12/10 09:38:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 09:25:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 09:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 09:22:04 | 111,718,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/09 19:55:01 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/04 18:52:08 | 000,250,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/03 18:42:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/11/22 08:25:25 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/20 20:08:56 | 000,437,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/16 07:37:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/13 22:42:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/13 22:08:01 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 20:39:15 | 000,013,747 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
[2011/11/13 19:38:54 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 10:04:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
[2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/03 13:32:49 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2011/12/03 13:32:49 | 000,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/11/13 20:41:31 | 000,013,747 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
[2011/11/13 19:38:54 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
[2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
[2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
[2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
[2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
[2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
[2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
[2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/24 09:49:07 | 000,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/24 09:48:59 | 000,189,672 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/24 09:48:51 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
[2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
[2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
[2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
[2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
[2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
[2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/12/10 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
[2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
[2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
[2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
[2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
[2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
[2011/10/20 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft
[2011/03/07 15:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers
[2010/02/12 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FrostWire
[2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
[2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
[2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
[2011/02/07 18:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\IObit
[2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
[2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
[2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
[2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
[2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
[2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
[2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
[2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
[2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
[2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
[2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
[2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
[2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
[2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job

========== Purity Check ==========



< End of report >

neil09
2011-12-09, 22:32
OTL Extras logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1935BDD9-9F57-4BF6-AE59-ED07860D33EE}_is1" = Ghost Mouse Auto Clicker 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{336091F7-459B-48D1-A6EB-04E4A9D727EB}" = TR150-Call Center
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Card Icon Program_is1" = Card Icon Program 1.2
"conduitEngine" = Conduit Engine
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD-Cloner 8_is1" = DVD-Cloner V8.70 Build 1016
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ERUNT_is1" = ERUNT 1.1j
"Federal 2010 Ammunition" = Federal 2010 Ammunition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"Planescape - Torment" = Planescape - Torment
"PROR" = Microsoft Office Professional 2007
"Registrar_is1" = Registrar Registry Manager 6.52
"RegZooka" = RegZooka
"Starcraft" = Starcraft
"Steam App 240" = Counter-Strike: Source
"Tag&Rename_is1" = Tag&Rename 3.1.7
"Telecom Help Assistant" = Telecom Help Assistant
"Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Clone Wars" = Clone Wars

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 3:29:27 a.m. | Computer Name = PC-ED35CABDA717 | Source = IS360service | ID = 0
Description =

Error - 9/11/2011 4:46:28 a.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 9/11/2011 4:19:03 p.m. | Computer Name = PC-ED35CABDA717 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3625 - Fatal Execution Engine Error
(7A0BC59E) (80131506)

Error - 11/11/2011 12:20:30 a.m. | Computer Name = PC-ED35CABDA717 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module SPhoneParser.dll, version 1.0.1.184, fault address 0x00077316.

Error - 17/11/2011 4:10:23 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 20/11/2011 6:45:22 p.m. | Computer Name = PC-ED35CABDA717 | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x7C91072F, attempting to access address 0x00165195. Please contact Microsoft
Product Support Services to report this error. ntdll!wcsncpy+0x1b0 ntdll!wcsncpy+0x2cd
ole32!ComPs_NdrDllCanUnloadNow+0xdb
ole32!CoTaskMemFree+0x13
es!DllGetClassObject+0x4e5d
es!DllGetClassObject+0x687b
sens!+0x3352
sens!+0x31a7
ole32!FreePropVariantArray+0x7be
es!+0x109f3
es!+0x10d95
es!+0x294a1
es!+0x29519
ole32!FreePropVariantArray+0x7be
es!+0xe884
es!+0x12a86
es!+0x12b10
ole32!FreePropVariantArray+0x6fb
ole32!FreePropVariantArray+0x5de
es!+0x2b0b1
es!+0x2b394
es!+0x2b4d8
kernel32!GetModuleFileNameA+0x1ba

Error - 20/11/2011 6:45:39 p.m. | Computer Name = PC-ED35CABDA717 | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "select * from __InstanceOperationEvent"
whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

Error - 21/11/2011 4:39:11 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ OSession Events ]
Error - 17/12/2009 1:59:34 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 720
seconds with 120 seconds of active time. This session ended with a crash.

Error - 22/02/2010 3:53:53 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/03/2010 4:30:06 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10871
seconds with 480 seconds of active time. This session ended with a crash.

Error - 9/10/2010 6:08:32 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/11/2010 3:45:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/01/2011 9:14:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/03/2011 2:51:04 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5465
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/07/2011 8:30:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3802
seconds with 180 seconds of active time. This session ended with a crash.

Error - 20/07/2011 11:59:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10201
seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/09/2011 3:02:35 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8835
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/11/2011 4:22:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 9/11/2011 5:36:45 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 9/11/2011 5:36:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 3:40:48 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 3:40:52 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 3:42:24 a.m. | Computer Name = PC-ED35CABDA717 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 10/11/2011 2:49:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 2:49:21 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 5:39:35 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 5:39:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.


< End of report >

neil09
2011-12-10, 07:24
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-10 19:22:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00JHA0 rev.05.01C05
Running: bq5tr07d.exe; Driver: C:\DOCUME~1\Harrison\LOCALS~1\Temp\awlcypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAE419F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAE419FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAE41A080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAE41A11C]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02130001
.text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\AVG Secure Search\vprot.exe[172] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\AVG Secure Search\vprot.exe[172] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[228] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[228] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[240] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe[424] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01670001
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04A90001
.text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\SOUNDMAN.EXE[2024] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012F0001
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\tcnz\McciTrayApp.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\LTMSG.exe[2040] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\LTMSG.exe[2040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\LTMSG.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[2728] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10090400000000000F01FEC\Usage@OutlookMAPI2Intl_1033 1066017040
Reg HKLM\SOFTWARE\Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\DataFormats\DefaultFiÿe@ MSPresentation
Reg HKLM\SOFTWARE\Classes\Interface\{AD194525-6E01-4BCA-929C-23C7383336AF}\ProxyStub

---- EOF - GMER 1.0.15 ----

mambass
2011-12-11, 17:17
Hi Neil, :)


I have a few questions

Problem is that when I close and sometimes open a window with explorer about.blank starts loading pages
Could you please explain what you mean by "about.blank"?
By "loading pages" do you mean that windows are popping up?
What type of pages are loading? Are they in any way related to what you had been viewing?



MGADiag

Please click here (http://go.microsoft.com/fwlink/?linkid=52012) to download MGADiag.exe from Microsoft and save it to your Desktop.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.


CKScanner

Please click here (http://downloads.malwareremoval.com/CKScanner.exe) to download CKScanner© by askey127 and save to your Desktop.
Double click on CKScanner.exe and click Search For Files. Note: It's important that you only run this program one time.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.


WVCheck

Please click here (http://artellos.com/ccount/click.php?id=7) to download WVCheck.exe and save it to your Desktop.
Double click WVCheck.exe, to run the process.
Read the comments on the screen... then press Enter.
The scan can take a while, depending on the size of your hard drive.
Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
Please copy and paste the contents of the Notepad scan report in your next reply.



Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
The answers to my questions.
The contents of the MGADiag log.
The contents of the CKScanner log.
The contents of the WVCheck log.
After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.



mambass

neil09
2011-12-11, 18:33
A page I have been viewing pops open by itself multiple times. It opens as about.blank, then goes to the page.
I'm away for work for 3 days and will post logs as soon as I get back. Thanks for your help.
Neil

neil09
2011-12-14, 05:31
What next? Ready to reformat C. What are my best options?

mambass
2011-12-14, 14:12
Hi Neil,

Please run the scans requested in my previous post (MGADiag, CKScanner and WVCheck) and provide the logs in your reply.

mambass

neil09
2011-12-14, 22:35
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-KVMH8-G4HV6-H8YFJ
Windows Product Key Hash: H5rDjxMGPk05nzMyD0gCE1hoIFU=
Windows Product ID: 76477-OEM-2160032-12871
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {2F4DD347-B443-490D-8C04-03DE62D7A2E5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 1.7.105.35
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2F4DD347-B443-490D-8C04-03DE62D7A2E5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-H8YFJ</PKey><PID>76477-OEM-2160032-12871</PID><PIDType>3</PIDType><SID>S-1-5-21-1547161642-2111687655-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1001.026</Version><SMBIOSVersion major="2" minor="3"/><Date>20050224000000.000000+000</Date></BIOS><HWID>2B873AD70184A07D</HWID><UserLCID>1409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>New Zealand Standard Time(GMT+12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>2C3F4CA0208F77A</Val><Hash>pDEyh9epmLDwbUC5JfSsF6x8KUc=</Hash><Pid>81605-957-5155302-65618</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1753B:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

neil09
2011-12-14, 22:46
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetailcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetailcrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_2965_3\rashaderstmbasedetaildirtcrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\bf2\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetailcrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\documents and settings\harrison\my documents\battlefield 2\mods\xpack\cache\{d7b71ee2-0909-11cf-f66f-482da1c2cb35}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx
scanner sequence 3.ZZ.11.GKAPST
----- EOF -----

neil09
2011-12-14, 23:09
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1049_15-12-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-12-14 04:28:01
Last Success Time for Update Download: 2011-11-10 18:52:56
Last Success Time for Update Installation: 2011-11-10 21:27:17


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1059_15-12-2011 --------

mambass
2011-12-15, 17:31
Hi Neil, :)

Thank you for the logs. :bigthumb:

Registry Cleaners

Re. Registrar Registry Manager, RegZooka and RegistryBooster

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop. I believe that you will find this post by Bill Castner to be very informative: WhatTheTech Forum (http://forums.whatthetech.com/Regcleaner_t42862.html&st=30&p=418272#entry418272)


We're going to be doing a lot of work in this post. Just execute the steps in the order given and it won't be too difficult. After the computer reboots at the end of the last step, please determine whether you are still experiencing problems with your computer and report your findings in your reply.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.


A few more questions

When a new Internet Explorer window first appears and the display area is blank before the page you were viewing appears, do you see "about:blank" in the address area near the top of the window?
Do new windows appear when you are:
Typing?
Using the mouse?
Doing nothing (i.e., you are not using the keyboard or mouse)?

If you have any browsers installed other than Internet Explorer could you please see if they exhibit similar behavior and report back?
I noticed entries in your log indicating that restrictions exist concerning your ability to make changes to certain Internet Explorer settings and/or access certain Internet Explorer features. These could have been added by security software that you may have installed or they could have been added by malware. Could you please let me know if you wish to retain those restrictions or if you would like to have them removed?



Backup Your Registry with ERUNT
You already appear to have ERUNT on your computer. Please run it.
OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)


Download the OTL fix file to be used later
Right-click on the attachment link at the bottom of this page, select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
This file must be saved to your Desktop as fix.txt.


Uninstall PunkBuster

Please click here (http://www.evenbalance.com/downloads/pbsvc/pbsvc.exe) to download the PBSVC Setup Program and save it to your Desktop.
Double click on pbsvc.exe to start it... then click Uninstall.
Once that's finished...
Click Start > Run and copy and paste the following into the open text box:

cmd /c for %i in (A B K) do sc delete PnkBstr%i
Click OK. A black box will flash very briefly. This is normal.



Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Conduit Engine
DVDVideoSoftTB Toolbar
IObit Security 360
Registrar Registry Manager 6.52
RegZooka

Take extra care in answering questions posed by any Uninstaller.


Reboot (restart) your computer


Run an OTL fix
Double Click the OTL icon on your Desktop
Click the Run Fix button at the top.
You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
Some text will appear in the Custom scans/Fixes box.
Click the Run Fix button.
Let the program run unhindered and reboot the PC when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

If no log then please look in the C:\_OTL\MovedFiles folder for a file whose filename format is MMDDYYY_HHMMSS.log based on the date/time OTL was run.



Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
The answers to my questions.
The contents of the OTL.txt log.
A description of how your computer is running and any Malware symptoms that are still present.



mambass
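
A triage sketch for the OTL fix log requested above, added here as an example and not part of the original post or of OTL itself: it classifies each result line by object type and outcome, and flags CLSIDs whose browser hook entry was deleted while the COM class key was already missing. The sample lines are copied from the fix log posted in the reply that follows; the function names and outcome labels are assumptions of this example.

```python
import re
from collections import Counter

# Subset of lines copied from the OTL fix log posted later in this thread.
SAMPLE_LOG = r"""========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: No service named IS360service was found to stop!
Service\Driver key IS360service not found.
File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trailing phrase -> outcome label (labels are this example's own).
OUTCOMES = (
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" not found.", "not_found"),
)
# Leading phrase -> object type; a bare path with no prefix is a file.
KINDS = (
    ("Registry value ", "registry_value"),
    ("Registry key ", "registry_key"),
    ("Service\\Driver key ", "service_key"),
    ("File ", "file"),
)


def parse_line(line):
    """Return a record for one result line, or None for blanks and headers."""
    line = line.strip()
    if not line or SECTION.match(line):
        return None
    if line.startswith("Error:"):
        return {"kind": "error", "target": line[6:].strip(),
                "outcome": "error", "clsid": None}
    for suffix, outcome in OUTCOMES:
        if line.endswith(suffix):
            body = line[:-len(suffix)]
            break
    else:
        # Status text such as "All processes killed".
        return {"kind": "status", "target": line, "outcome": "info", "clsid": None}
    kind = "file"
    for prefix, name in KINDS:
        if body.startswith(prefix):
            kind, body = name, body[len(prefix):]
            break
    match = GUID.search(body)
    return {"kind": kind, "target": body, "outcome": outcome,
            "clsid": match.group(0).upper() if match else None}


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def summarize(records):
    """Count records per outcome."""
    return Counter(rec["outcome"] for rec in records)


def leftovers(records):
    """Items the fix actually removed, i.e. what survived the uninstallers."""
    return [rec for rec in records if rec["outcome"] in ("deleted", "moved")]


def orphaned_clsids(records):
    """CLSIDs whose referencing entry was deleted while the class key was absent."""
    removed_refs, missing_classes = set(), set()
    for rec in records:
        if not rec["clsid"]:
            continue
        is_class_key = "\\classes\\clsid\\" in rec["target"].lower()
        if is_class_key and rec["outcome"] == "not_found":
            missing_classes.add(rec["clsid"])
        elif not is_class_key and rec["outcome"] == "deleted":
            removed_refs.add(rec["clsid"])
    return sorted(removed_refs & missing_classes)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(dict(summarize(records)))
    for rec in leftovers(records):
        print(rec["outcome"], rec["kind"], rec["target"])
    print("orphaned references:", orphaned_clsids(records))
```
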

neil09
2011-12-16, 04:04
========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: No service named IS360service was found to stop!
Service\Driver key IS360service not found.
File C:\Program Files\IObit\IObit Security 360\is360srv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\ptcnztbc.tcnz\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1FF.tmp deleted successfully.
C:\WINDOWS\System32\SET20B.tmp deleted successfully.
C:\WINDOWS\System32\SET253.tmp deleted successfully.
C:\WINDOWS\002578_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLD92.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager not found.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\setup folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\logs folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\Themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter\History folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeYouTubeToMP3Converter folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner\Themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft\FreeDVDVideoBurner folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\SmartRAM folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\InternetBooster folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\Harrison\Application Data\IObit folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Update folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Quarantine Zone folder moved successfully.
C:\Program Files\IObit\IObit Security 360\log\Scan folder moved successfully.
C:\Program Files\IObit\IObit Security 360\log folder moved successfully.
C:\Program Files\IObit\IObit Security 360\Downloaded folder moved successfully.
C:\Program Files\IObit\IObit Security 360 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
File\Folder C:\Program Files\DVDVideoSoftTB not found.
File\Folder C:\Program Files\ConduitEngine not found.
c:\program files\Registrar Registry Manager folder moved successfully.
c:\program files\RegZooka\Logs folder moved successfully.
c:\program files\RegZooka\Backups folder moved successfully.
c:\program files\RegZooka folder moved successfully.
C:\WINDOWS\System32\rrMon.sys moved successfully.
File\Folder C:\WINDOWS\System32\rrsec.dll not found.
File\Folder C:\WINDOWS\System32\rrsec2k.exe not found.
File\Folder C:\WINDOWS\System32\drivers\PnkBstrK.sys not found.
File\Folder C:\WINDOWS\System32\PnkBstrB.exe not found.
File\Folder C:\WINDOWS\System32\PnkBstrA.exe not found.
File\Folder C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12162011_155243

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

neil09
2011-12-16, 04:13
Answers to questions

1. Yes, about.blank then to web page I had just closed

2. Windows re-open after I close a window

3. No other browser

4. No reason to retain something I have no idea what it does. If there's a chance it's malware I would appreciate your help in removing it.

Thank you, your help is greatly appreciated

mambass
2011-12-17, 12:19
Hi Neil, :)


Perform a Custom Fix with OTL

Double-click the OTL icon on your Desktop to run the program.
In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):


:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present

:Commands
[CREATERESTOREPOINT]
[REBOOT]

Then click the Run Fix button at the top.
Let the program run unhindered and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Run an aswMBR scan

Please click here (http://public.avast.com/~gmerek/aswMBR.exe) to download aswMBR and save it to your Desktop.
Double click the aswMBR.exe icon on your Desktop to run it.
Click No if asked "Would you like to download latest Avast! Virus definitions?"
Click the Scan button.
After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK
Two files will be created, aswMBR.txt & a file named MBR.dat
Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot Record). Do not delete this file.
NOTE: Do not click to fix anything at this stage!
Click EXIT.
Copy & Paste the contents of aswMBR.txt into your next reply.


Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
The contents of the OTL.txt log.
The contents of the aswMBR.txt log.
Please let me know if you are still experiencing problems.



mambass

neil09
2011-12-18, 01:08
OTL logfile created on: 18/12/2011 12:51:42 p.m. - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop\repair
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.35% Memory free
2.85 Gb Paging File | 2.41 Gb Available in Paging File | 84.50% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.42 Gb Free Space | 36.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 465.76 Gb Total Space | 170.44 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 23.49 Gb Free Space | 15.76% Space Free | Partition Type: NTFS

Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\repair\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/15 09:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]

[2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
[2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search ()
CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15063 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 15:52:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/16 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\drivers
[2011/12/15 19:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
[2011/12/15 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
[2011/12/15 19:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
[2011/12/15 10:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\repair
[2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
[2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
[2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
[2011/12/18 12:41:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 12:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/18 12:38:10 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 11:50:40 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/16 13:34:42 | 000,009,387 | ---- | M] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
[2011/12/16 07:59:35 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 21:39:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 19:26:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/12/15 10:30:21 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 18:28:40 | 000,271,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg

========== Files Created - No Company Name ==========

[2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
[2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
[2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
[2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
[2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
[2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
[2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
[2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
[2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
[2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
[2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
[2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
[2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
[2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
[2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
[2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/15 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/12/18 11:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
[2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
[2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
[2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
[2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
[2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/15 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\dvd-cloner
[2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
[2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
[2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
[2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
[2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
[2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
[2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
[2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
[2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
[2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
[2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
[2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
[2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
[2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
[2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
[2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
[2011/12/18 12:59:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job

========== Purity Check ==========



< End of report >

neil09
2011-12-18, 01:18
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 13:11:36
-----------------------------
13:11:36.906 OS Version: Windows 5.1.2600 Service Pack 3
13:11:36.906 Number of processors: 2 586 0x401
13:11:36.906 ComputerName: PC-ED35CABDA717 UserName: Harrison
13:11:39.625 Initialize success
13:12:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:12:09.781 Disk 0 Vendor: WDC_WD800BB-00JHA0 05.01C05 Size: 76319MB BusType: 3
13:12:09.812 Disk 0 MBR read successfully
13:12:09.812 Disk 0 MBR scan
13:12:09.812 Disk 0 Windows XP default MBR code
13:12:09.828 Disk 0 scanning sectors +156280320
13:12:09.921 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:32.343 Service scanning
13:12:35.468 Modules scanning
13:12:56.765 Disk 0 trace - called modules:
13:12:56.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:12:56.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a562ab8]
13:12:56.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000060[0x8a5c4210]
13:12:56.796 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c3940]
13:12:56.796 Scan finished successfully
13:14:24.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\MBR.dat"
13:14:24.843 The log file has been saved successfully to "C:\Documents and Settings\Harrison\Desktop\aswMBR.txt"

neil09
2011-12-18, 06:26
Comp runs way faster.

Haven't had windows reload with about.blank so far.
Fingers crossed

Thank you so very much for your help

Neil

mambass
2011-12-19, 03:24
Hi Neil,


"Thank you so very much for your help"

You're welcome. :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.


Download Java installer to be used later
Go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
Find the section labeled Java SE 6 Update 30 and click on the JRE Download button. (DO NOT click the JDK Download button).
Click the Accept License Agreement option.
Find the Windows x86 Offline entry, click the jre-6u30-windows-i586.exe link and save the installer on your Desktop.
Find the installer icon on your Desktop so you'll know where to look later.


Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Java Auto Updater
Java(TM) 6 Update 24

Take extra care in answering questions posed by any Uninstaller.


Reboot (restart) your computer


Perform a Custom Fix with OTL

Double-click the OTL icon on your Desktop to run the program.
In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):


:processes
killallprocesses

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O15 - HKCU\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)

[CREATERESTOREPOINT]
[EMPTYTEMP]

Then click the Run Fix button at the top.
Let the program run unhindered and reboot the PC when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.


Install Java Runtime Environment
Double-click the jre-6u30-windows-i586.exe icon on your Desktop and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
When it finishes, you can remove the Installer from your desktop.



Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
The contents of the OTL Fix log.
Please let me know how your computer is running and note any Malware symptoms that are still present.



mambass

neil09
2011-12-19, 10:32
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\ptcnztbc.tcnz\ deleted successfully.
File EATERESTOREPOINT] not found.
File PTYTEMP] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_221808

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

neil09
2011-12-19, 10:35
Comp very slow now to start up or restart.

Thanks again for your time to help me.

mambass
2011-12-21, 02:04
Hi Neil, :)


Questions related to slow performance

Some of our tools schedule tasks to be performed the next time the system boots. This can cause the system to come up slowly. That should however only happen on the next boot operation after running the tool. Can you tell me if reboots are still slow to come up? If so, is the slowness in

The time it takes for the login screen to appear.
The time it takes after logging in for the system to be usable.
Both of the above.


If you are still experiencing slow boots then try booting a second time immediately after the system comes up and let me know if the second consecutive boot is faster than the first.

You had previously said that things were much faster. Then they became slower. Can you quantify "fast" vs. "slow" in terms of how long things took/are taking? If the second boot is faster than the first, can you tell me how the second boot compares to when the system was "fast"?

Are you experiencing any issues other than possibly general performance problems?



Backup Your Registry with ERUNT

Please run ERUNT.
OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)



ESET online scanner

Please disable any Antivirus you have active, as shown in This Topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Hold down Ctrl then click on the following link to open a new window to ESET online scanner (http://www.eset.com/us/online-scanner/run)

If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.


If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
Double-click on the installer to run it.
Check Yes, I accept the Terms of Use and click the Start button.

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start.
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Re-enable your Antivirus software.




Please include in your reply:

The text of any error messages and/or a description of any problems you encountered while performing these steps.
The answers to questions related to performance.
The contents of the ESET log.



mambass

mambass
2011-12-24, 02:05
Hi Neil,

It's been 72 hours since I posted my instructions. I just wanted to remind you that, per Forum policy here (http://forums.spybot.info/showthread.php?t=288), this thread may now be closed.

Could you please let me know if you still need help and, if so, if you require additional time to perform the requested tasks?

Thank you. :)

mambass

Jack&Jill
2011-12-26, 07:20
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.