
Redirect virus not found by malwarebyte

Posted 4/19/2010 5:59 PM
#85148

xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
Hi, I've seen several different fixes that seem to be tailored specifically for each individual issue. I've been having a redirect issue with any search engine results. The search engine will pull up the results, but when I click on the link it redirects me to generic search sites with unrelated topics. It started happening after I removed a trojan horse that wouldn't let me open exe files and kept referring me to use a fake Windows virus scanner. I have already run HijackThis... here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:32 PM, on 4/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Belkin\F5D8051v2\chkdev.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Salling Media Sync] "C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Standard\freemem.exe" Startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - https://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - https://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - https://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - https://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - https://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - https://twcam.www.gov.tw/webcam/ocx/xVideoShow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - https://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O16 - DPF: {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} (DVSTools Control) - https://twcam.www.gov.tw/webcam/ocx/DVSTools.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - https://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8252 bytes
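As an added illustration, not part of this thread and not HijackThis' own logic: a small Python triage of the O1 (hosts), O2 (BHO) and O10 (Winsock LSP) lines from the log above. The sample lines are copied from the post; the scoring rules (a routable address in the hosts file is a hijack, a BHO with no file is a cleanup candidate, an unknown LSP module is reported once) are my own assumptions, not the forum helper's method.

```python
"""Triage a HijackThis log for the indicator types seen in this thread."""
import re
from ipaddress import ip_address

# Constructed sample: a subset of the HijackThis lines posted above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O10 - Unknown file in Winsock LSP: prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s+(\S+)")


def hosts_finding(ip_text, hostname):
    """Return a reason string if a hosts entry looks like a hijack, else None.

    Assumed rule: loopback (127.x / ::1) and unspecified (0.0.0.0) targets are
    the normal benign uses (default entries, ad blocking). Any routable address
    pins a name that should resolve via DNS to an attacker-chosen host.
    """
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return f"unparseable address {ip_text!r} for {hostname}"
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"{hostname} pinned to routable address {ip}"


def triage(log_text):
    """Walk the log and return a list of (section, detail) findings."""
    findings = []
    seen_lsp = set()
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            reason = hosts_finding(m.group(1), m.group(2))
            if reason:
                findings.append(("O1", reason))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path.strip() == "(no file)":
                # Orphaned registration: cleanup candidate, not itself proof of infection
                findings.append(("O2", f"orphaned BHO {clsid} ({name})"))
            continue
        m = LSP_RE.match(line)
        if m:
            dll = m.group(1).lower()
            if dll not in seen_lsp:  # HijackThis lists prxerdrv.dll twice; report once
                seen_lsp.add(dll)
                findings.append(("O10", f"unrecognised Winsock LSP module {dll}"))
    return findings


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {detail}")
```

Run on the full log, the O1 hits alone explain why "security" lookups land on a single unrelated host; the Winsock LSP entries are a separate persistence point that a hosts-file fix does not touch.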
Posted 4/23/2010 9:35 AM
#85232

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
We need to create an OTL Report

1. Please download OTL
https://oldtimer.geekstogo.com/OTL.exe
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
6. Copy and Paste the following into the textbox.


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
winlogon.exe
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

7. Push "scan"
8. Two reports will open, copy and paste them in a reply here:
• OTListIt.txt <-- Will be opened
• Extra.txt <-- Will be minimized
You may need to post them in two or more parts.
Posted 4/23/2010 3:38 PM
#85244

xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
Thanks for the help... I had two information boxes on my computer this morning. The first from Windows itself saying, "Generic Host Process for Win32 Services has encountered problem and needs to close. We are sorry for the inconvenience." I opened the error report and this is what it said:

szAppName : svchost.exe
szAppVer : 5.1.2600.2180
szModName : mshtml.dll
szModVer : 6.0.2900.3676
offset : 001e42e1
The second window was from AVG resident shield. It said accessed file is infected. File Name: C:\WINDOWS\system32\drivers\tcpip.sys Threat Detected: Virus identified Win32/Patched.DO Detected in open. Process name: system Process ID: 4

I'll be pasting my reports for OTL asap. Hope this helps, thanks again.
Posted 4/23/2010 3:47 PM
#85249

xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
OTL logfile created on: 4/23/2010 11:29:19 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 37.33 Gb Free Space | 24.34% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 29.98 Gb Free Space | 80.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 347.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/04/23 11:23:19 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTL.exe
PRC - [2010/04/22 08:24:25 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 08:24:20 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 08:15:10 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/02 16:41:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 23:29:32 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/30 23:29:29 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/30 23:28:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/30 23:28:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/20 14:27:06 | 000,332,944 | ---- | M] (Salling Software AB) -- C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe
PRC - [2009/08/10 14:04:04 | 005,210,112 | ---- | M] (Rick Meyers) -- C:\Program Files\e-Sword\e-Sword.exe
PRC - [2007/10/18 22:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/18 18:35:08 | 001,576,960 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
PRC - [2006/09/01 17:11:36 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
PRC - [2006/06/19 18:19:26 | 000,304,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2006/03/03 23:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/07/19 19:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/14 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2005/04/01 13:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/04/23 11:23:19 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/06/14 08:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2005/06/14 08:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/30 23:28:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/30 23:28:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/02 00:39:18 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/16 18:00:36 | 001,138,880 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2006/11/16 17:59:58 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2006/03/03 23:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/01 13:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/04/22 08:24:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/30 23:30:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 23:30:15 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/26 00:39:45 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/12/30 23:46:56 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/05/21 16:21:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/24 07:30:03 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2006/10/22 14:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/30 03:52:00 | 000,476,416 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2006/06/25 20:48:49 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/06/25 20:46:45 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/01/07 14:09:50 | 000,007,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Samhid.sys -- (samhid)
DRV - [2005/07/18 14:26:40 | 000,085,952 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600obex.sys -- (w600obex)
DRV - [2005/07/18 14:25:36 | 000,088,080 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mgmt.sys -- (w600mgmt)
DRV - [2005/07/18 14:24:32 | 000,096,672 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mdm.sys -- (w600mdm)
DRV - [2005/07/18 14:24:26 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mdfl.sys -- (w600mdfl)
DRV - [2005/07/18 14:23:02 | 000,060,928 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600bus.sys -- (w600bus) Sony Ericsson W600 driver (WDM)
DRV - [2005/06/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2005/05/27 11:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 11:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/04/18 21:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/02 04:33:18 | 000,026,752 | R--- | M] (IC Plus Corp. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2001/12/19 13:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = https://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*https://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-926492609-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/puccini/start
IE - HKU\S-1-5-21-1078081533-926492609-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 08:29:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 23:57:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 13:12:47 | 000,000,000 | ---D | M]

[2009/07/13 16:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Extensions
[2010/04/19 13:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\extensions
[2009/07/08 16:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/17 00:31:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/06 18:05:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/14 15:19:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/15 17:37:07 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\searchplugins\goodsearch.xml
[2009/05/04 20:23:10 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\searchplugins\youtube.xml
[2010/04/19 13:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/14 10:37:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/19 13:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/27 20:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com
[2010/04/19 13:12:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/06 00:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/04/17 08:54:10 | 000,000,156 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-1078081533-926492609-682003330-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Salling Media Sync] C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe (Salling Software AB)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKU\S-1-5-21-1078081533-926492609-682003330-1005..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1078081533-926492609-682003330-1005..\Run: [FreeMem Pro] C:\Program Files\FreeMem Standard\freemem.exe (Meikel.com)
O4 - Startup: C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-926492609-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\PrxerNsp.dll ( )
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} https://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} https://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} https://www.streamplug.com/StreamPlug/beta/SP.cab (StreamPlug Class)
O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} https://download.microsoft.com/download/a/0/0/a0043c6c-8cd6-428e-9c9e-01883020f5ce/mpg4dmo.CAB (Reg Error: Key error.)
O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} https://codecs.microsoft.com/codecs/i386/mpeg4ax.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} https://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} https://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} https://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} https://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} https://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} https://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} https://twcam.www.gov.tw/webcam/ocx/xVideoShow.cab (XVideoShow Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} https://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} https://twcam.www.gov.tw/webcam/ocx/DVSTools.cab (DVSTools Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} https://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O29 - HKLM SecurityProviders - (mjoovjcr.dll) - C:\WINDOWS\System32\mjoovjcr.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/30 02:02:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/11 12:48:23 | 007,127,040 | R--- | M] (FIRAXIS Games, Inc.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/24 05:33:16 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/29 17:45:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {01C22038-CE1F-0B30-50B2-D0BED9F6F862} - Viewpoint Media Player
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mp42 - mpg4c32.dll File not found
Drivers32: vidc.mp43 - mpg4c32.dll File not found
Drivers32: vidc.mpg4 - mpg4c32.dll File not found
Drivers32: vidc.pmp4 - C:\WINDOWS\System32\pv3decoder.dll (Innova)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63345480511258624)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/04/23 11:23:18 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTL.exe
[2010/04/19 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/19 13:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/19 13:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/19 13:12:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/19 13:12:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/19 13:12:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/19 13:12:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/19 13:12:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/19 05:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/04/19 05:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/19 05:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/18 23:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Application Data\Ventrilo
[2010/04/18 23:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/04/18 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/18 06:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Opera
[2010/04/17 09:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/04/17 00:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/17 00:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/17 00:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/17 00:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/04/14 12:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Google
[2010/04/14 12:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Deployment
[2010/04/14 02:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/14 02:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 12:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Application Data\U3
[2010/04/07 01:47:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Alexander\UserData
[2010/04/03 11:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Salling_Software_AB
[2010/04/03 11:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Salling Software AB
[2010/04/01 17:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\My Documents\New Folder
[2010/03/30 23:30:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/30 23:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/30 22:57:58 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010/03/30 15:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Help
[2010/03/30 15:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Application Data\Help
[2010/03/30 15:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\FreeMem Standard
[2010/03/29 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Desktop\Desktop
[2010/03/29 16:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/03/29 16:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexander\Local Settings\Application Data\Blizzard Entertainment
[2010/03/29 14:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/03/29 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/03/29 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2007/02/06 03:47:28 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\PrxerNsp.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/04/23 11:23:19 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTL.exe
[2010/04/23 10:30:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 09:29:15 | 000,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/04/23 09:25:53 | 059,202,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/23 02:41:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\prvlcl.dat
[2010/04/22 08:32:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 08:32:30 | 000,019,224 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/22 08:31:00 | 000,087,585 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/22 08:30:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/22 08:29:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 08:29:42 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 08:29:42 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 08:28:09 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Alexander\NTUSER.DAT
[2010/04/22 08:28:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Alexander\ntuser.ini
[2010/04/22 08:24:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 15:18:10 | 000,011,776 | ---- | M] () -- C:\WINDOWS\System32\mjoovjcr.dll
[2010/04/19 23:39:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/19 13:12:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/19 13:12:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/19 13:12:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/19 13:12:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/19 13:12:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/18 23:23:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/18 23:23:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/04/18 13:43:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 16:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/17 09:40:03 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/04/15 06:49:40 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Alexander\Desktop\Internet.lnk
[2010/04/14 12:46:39 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/14 12:32:36 | 000,014,134 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\50vGiJ1FW7x2
[2010/04/14 12:32:36 | 000,014,134 | -HS- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\50vGiJ1FW7x2
[2010/04/14 12:17:41 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 12:12:49 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2509137411
[2010/04/14 12:12:49 | 000,014,316 | -HS- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\2509137411
[2010/04/14 12:03:36 | 000,014,134 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3469191438
[2010/04/14 12:03:06 | 000,014,146 | -HS- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\3469191438
[2010/04/14 03:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/01 17:17:43 | 000,002,652 | ---- | M] () -- C:\Documents and Settings\Alexander\Desktop\Worship.rtf
[2010/03/31 00:02:58 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Alexander\Desktop\Shortcut to Wow.lnk
[2010/03/30 23:30:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/30 23:30:15 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/30 23:30:08 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/30 23:30:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/30 23:30:06 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 14:48:33 | 004,236,454 | -H-- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\IconCache.db
[2010/03/27 09:24:14 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/04/20 15:18:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\mjoovjcr.dll
[2010/04/18 23:23:38 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/04/18 23:23:31 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/18 13:43:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 09:40:03 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/04/15 06:49:40 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Alexander\Desktop\Internet.lnk
[2010/04/14 12:46:39 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/14 12:01:51 | 000,014,146 | -HS- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\3469191438
[2010/04/14 12:01:22 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\2509137411
[2010/04/14 12:01:22 | 000,014,134 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3469191438
[2010/04/14 12:00:34 | 000,014,316 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2509137411
[2010/04/14 12:00:34 | 000,014,134 | -HS- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\50vGiJ1FW7x2
[2010/04/14 11:29:34 | 000,014,134 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50vGiJ1FW7x2
[2010/04/14 11:29:34 | 000,014,130 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\50vGiJ1FW7x2
[2010/04/02 19:24:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\prvlcl.dat
[2010/04/01 17:17:43 | 000,002,652 | ---- | C] () -- C:\Documents and Settings\Alexander\Desktop\Worship.rtf
[2010/03/31 00:02:58 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Alexander\Desktop\Shortcut to Wow.lnk
[2010/03/30 23:30:08 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/30 22:57:58 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/03/30 15:49:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2008/09/05 18:30:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/04/02 02:51:01 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/11 17:14:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/02/06 02:38:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2007/01/24 07:41:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/01/03 03:20:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Gnucleus.INI
[2006/12/28 16:39:18 | 000,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2006/11/23 22:39:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2006/11/02 16:21:00 | 000,001,128 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2006/10/30 03:02:32 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\sam.ini
[2006/10/30 02:56:11 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\FDRpage.dll
[2006/10/30 02:56:11 | 000,007,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samhid.sys
[2006/08/19 07:27:35 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ZMatrixSS.ini
[2006/08/06 23:18:15 | 000,379,904 | ---- | C] () -- C:\WINDOWS\System32\vstudiotm.dll
[2006/08/05 16:55:52 | 000,000,445 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/10 01:19:11 | 000,000,020 | ---- | C] () -- C:\WINDOWS\avi2divx.INI
[2006/07/09 21:27:56 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/09 21:27:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/09 21:27:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/25 20:48:48 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/06/25 20:46:45 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/06/25 20:46:45 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd1133.sys
[2006/06/21 01:29:15 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/17 02:09:18 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/06/17 01:27:33 | 000,000,369 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/05/30 02:10:03 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/05/30 02:09:59 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/05/24 18:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/18 20:04:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/10/21 20:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/21 20:35:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 07:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/02/17 07:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/02/17 07:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/02/17 07:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/02/17 07:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/02/17 07:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/12/20 13:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 13:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/03/24 12:04:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/03/24 12:04:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/03/17 07:26:24 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\txppro.dll
[2003/03/13 19:50:18 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2002/08/15 13:59:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2002/03/02 22:26:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cypher.dll
[2000/11/24 20:05:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO2.DLL
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008/09/03 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\acccore
[2008/12/02 02:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Nikon
[2009/11/12 10:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Opera
[2009/04/20 22:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\uniblue
[2009/05/28 01:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Viewpoint
[2008/09/02 23:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Zeon
[2008/09/03 21:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/30 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/12/02 02:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/01/13 17:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/12/02 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2006/07/09 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2010/04/17 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/19 13:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/17 13:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/02 02:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/27 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/17 01:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/11/19 13:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/02/15 01:36:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/06/23 09:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/06/16 16:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kinko's
[2006/05/30 01:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\.BitTornado
[2006/08/19 07:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\.ZMatrix
[2008/09/01 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Aim
[2006/12/18 06:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Aston
[2007/01/03 03:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\BearShare
[2007/12/26 01:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Blackberry Desktop
[2006/08/11 05:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Camfrog
[2006/11/27 04:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\CopyToDvd
[2006/11/24 01:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\DeepBurner
[2006/06/16 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Downloaded Installations
[2008/05/20 19:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\FinalBurner .ISO
[2007/03/05 03:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\FinalBurner Audio CD
[2008/05/20 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\FinalBurner DATA
[2006/06/30 04:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\GlobalSCAPE
[2008/06/25 17:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\LimeWire
[2006/12/15 08:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Morpheus
[2007/01/08 05:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\MP3Rocket
[2006/07/06 02:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Opera
[2006/06/19 01:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Publish Providers
[2007/12/26 02:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Research In Motion
[2006/07/09 22:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\River Past G4
[2006/07/09 22:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\RiverPast G4
[2006/06/25 21:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\SlySoft
[2006/06/19 01:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Sony
[2007/11/11 13:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Sony Setup
[2008/03/26 15:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\TwonkyMedia
[2008/03/15 14:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\uTorrent
[2007/09/13 19:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Viewpoint
[2008/05/19 01:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Vso
[2006/06/17 01:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\max\Application Data\Zeon
[2010/04/18 06:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Opera
[2010/04/19 23:39:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/22 08:30:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2008/09/03 21:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/04/19 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/04/19 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008/09/03 21:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/06/27 21:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/09/03 21:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/02/08 22:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/02/09 00:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/30 23:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/03/30 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/29 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/03/29 16:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2008/12/02 02:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/01/06 13:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/04/02 02:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2006/12/04 00:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/02/15 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/19 05:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/03/19 11:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/14 01:38:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/27 20:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2008/01/13 17:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/12/02 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2006/12/01 03:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008/04/23 19:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/07/09 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2010/04/19 13:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/04/17 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/19 13:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/12/26 01:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2006/11/28 04:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/19 13:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/19 13:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/17 13:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/02 02:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/27 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/22 01:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/17 00:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2006/06/17 01:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/11/19 13:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/02/15 01:36:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/06/23 09:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2009/01/18 17:43:37 | 002,892,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
[2009/05/19 02:35:46 | 002,402,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMinst.exe
[2009/05/19 02:35:48 | 000,550,024 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMLang.exe
[2009/05/19 02:36:04 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
[2009/05/19 02:35:52 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amoinst.exe
[2009/05/19 02:35:52 | 000,069,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amos.exe
[2009/05/19 02:35:58 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
[2009/05/19 02:36:04 | 000,097,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
[2009/05/19 02:35:52 | 000,231,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\migrator.exe
[2009/05/19 02:35:52 | 001,225,352 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\msvc9rt.exe
[2009/05/19 02:35:54 | 004,480,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\ocpinst.exe
[2009/05/19 02:35:44 | 000,036,704 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\postproc.exe
[2009/05/19 02:35:42 | 000,172,840 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
[2009/05/19 02:35:56 | 000,383,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\tbsetup.exe
[2009/05/19 02:36:04 | 001,484,856 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
[2009/05/19 02:35:56 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
[2009/05/19 02:36:02 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
[2009/05/19 02:36:04 | 002,884,832 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
[2009/11/12 18:07:12 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
[2010/03/02 00:39:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/03/02 00:39:18 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2009/09/22 00:39:20 | 000,640,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010/03/02 00:39:19 | 002,357,064 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/03/02 00:39:20 | 000,567,144 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/03/02 00:39:20 | 000,566,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/03/02 00:39:21 | 003,701,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010/03/02 00:39:24 | 000,015,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/03/02 00:39:25 | 000,315,736 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009/06/30 00:39:14 | 000,085,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
[2009/09/22 00:39:26 | 000,303,976 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
[2010/04/15 01:15:57 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2007/05/27 20:54:44 | 000,072,704 | ---- | M] (Google) -- C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
[2007/09/07 17:32:22 | 000,868,352 | ---- | M] (Alex Rosenbaum and KishKish.com) -- C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2008/09/03 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\acccore
[2010/04/22 21:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Adobe
[2009/01/25 00:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\AdobeUM
[2009/11/19 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Apple Computer
[2008/12/02 03:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\ArcSoft
[2009/02/16 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\dvdcss
[2010/03/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Help
[2008/09/01 14:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Identities
[2008/12/02 03:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Jasc Software Inc
[2008/09/03 19:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Macromedia
[2010/03/19 11:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Malwarebytes
[2010/03/30 23:25:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Alexander\Application Data\Microsoft
[2009/11/09 00:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Move Networks
[2009/07/13 16:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Mozilla
[2008/12/02 02:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Nikon
[2009/11/12 10:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Opera
[2008/09/21 21:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Sun
[2008/09/02 23:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Talkback
[2010/04/09 12:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\U3
[2009/04/20 22:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\uniblue
[2010/04/18 23:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Ventrilo
[2009/05/28 01:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Viewpoint
[2008/09/02 23:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\vlc
[2010/04/17 00:16:25 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Alexander\Application Data\yahoo!
[2008/09/02 23:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexander\Application Data\Zeon

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/03/15 13:59:39 | 000,003,310 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
[2010/03/15 13:59:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
[2010/03/15 13:59:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
[2010/03/15 13:59:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
[2010/03/15 13:59:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
[2010/03/15 13:59:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
[2008/12/02 02:34:19 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Alexander\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2009/10/06 23:50:00 | 001,686,272 | ---- | M] () -- C:\Documents and Settings\Alexander\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
[2009/10/06 23:50:05 | 000,127,872 | ---- | M] () -- C:\Documents and Settings\Alexander\Application Data\Move Networks\uninstall.exe
[2009/06/16 02:35:42 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\Alexander\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2005/06/14 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2005/06/14 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2005/06/14 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2005/06/14 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2005/06/14 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2005/06/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2005/06/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2005/06/14 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2005/06/14 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2005/06/14 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2005/06/14 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

[color=#A23BEC]< MD5 for: VAXSCSI.SYS >[/color]
[2006/06/25 20:48:49 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vaxscsi.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2005/06/14 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2005/06/14 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2006/06/25 20:46:45 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2006/06/25 20:46:45 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd1133.sys
[2006/06/25 20:48:49 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vaxscsi.sys

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/05/29 17:50:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/29 17:50:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/29 17:50:03 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Posted 4/23/2010 4:04 PM
#85253

xsnapplemanx Valued member

Test post.....
Posted 4/23/2010 4:05 PM
#85254

xsnapplemanx Valued member

OTL Extras logfile created on: 4/23/2010 11:29:19 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 37.33 Gb Free Space | 24.34% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 29.98 Gb Free Space | 80.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 347.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-1078081533-926492609-682003330-1005\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\Java\jre1.5.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_03\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\WASTE\WASTE.exe" = C:\Program Files\WASTE\WASTE.exe:*:Enabled:Waste Secure Network -- (GNU)
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\maxjones24\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\maxjones24\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"D:\aoe\empires2.EXE" = D:\aoe\empires2.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Land Of The Dead\System\LOTD.exe" = C:\Land Of The Dead\System\LOTD.exe:*:Enabled:Land Of The Dead -- (Groove Games/Brainbox Games)
"C:\Program Files\Steam\steamapps\maxjones24\half-life 2\hl2.exe" = C:\Program Files\Steam\steamapps\maxjones24\half-life 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\Gimme P2P\Gimme P2P\Gimme P2P.exe" = C:\Program Files\Gimme P2P\Gimme P2P\Gimme P2P.exe:*:Enabled:Gimme P2P -- File not found
"C:\Program Files\ProxyWay\proxyway.exe" = C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:proxyway -- (ProxyWay.com)
"C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Steam\steamapps\maxjones24\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\maxjones24\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Tweak-XP Pro\AdBlocker.exe" = C:\Program Files\Tweak-XP Pro\AdBlocker.exe:*:Enabled:Ad Blocker of Tweak-XP -- (Totalidea Software, Germany, New Zealand)
"C:\Program Files\Games\Privateer\bin\soundserver.exe" = C:\Program Files\Games\Privateer\bin\soundserver.exe:*:Enabled:soundserver -- ()
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- File not found
"C:\candc\Command & Conquer Generals\game.dat" = C:\candc\Command & Conquer Generals\game.dat:*:Enabled:game -- ()
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Documents and Settings\max\My Documents\utorrent.exe" = C:\Documents and Settings\max\My Documents\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\TorrentQ\TorrentQ.exe" = C:\Program Files\TorrentQ\TorrentQ.exe:*:Enabled:Torrent P2P application -- File not found
"C:\Program Files\TwonkyMedia\TwonkyMedia.exe" = C:\Program Files\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
"C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- ()
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- File not found
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe" = C:\Program Files\Cybered\Algebra Equation Solver\AEqSolvr.exe:*:Enabled:Algebra Equation Solver -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Steam\steamapps\maxjones24\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\maxjones24\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"E:\bin\IA\Core\MDM_Util.exe" = E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\Alexander\Desktop\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Documents and Settings\Alexander\Desktop\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Alexander\Desktop\World of Warcraft\Launcher.exe" = C:\Documents and Settings\Alexander\Desktop\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0186F98B-19A2-4791-8ECA-BD7870FD0C65}_is1" = DVD Rebuilder
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v1.13.0.85
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29BB5153-133B-4C82-AF51-BF303F2BFD63}" = King's Quest Collection(TM)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E48A9E4-C531-4B71-ADF1-F80403413914}" = Opera 9.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{386AD29A-1D8E-4E6E-A3F5-08F631517902}" = Salling Media Sync
"{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Network Adapter Setup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{4414606E-B8D4-4688-BE1F-F2075CFE7978}" = 3D Canvas
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{620797B0-A022-4B57-A95E-DD7DD0321032}" = ProxyWay
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{830D40F7-7092-4418-BE17-F7F7899F2B41}" = e-Sword
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B061C8B2-6EC7-4C3D-BBE3-DC366258729D}" = Intelligent Voice Operating System
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BA3BC81F-0035-4D62-8AB4-6F83D7C1F480}" = Tweak-XP Pro
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C184D1AB-53A1-42D9-9ECA-109F6DEE8EF3}" = Totalidea RAM-Disk Driver
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI (Win64/32/CE)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F919DF1E-8869-4732-A79B-B232B37B1F6F}" = Voice and Speech Recognition Software
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF377A7C-0A0F-4A0E-B921-4888DC4C0ACE}" = Nitro PDF Professional
"274c5407c4fa26908310cb5c1c5500001954585185" = NetBeans IDE 5.5
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_6" = AIM 6
"Artisan DVD/DivX Player_is1" = Artisan DVD/DivX Player
"Audacity_is1" = Audacity 1.2.4
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.6
"DVD Backup Xpress_is1" = DVD Backup Xpress 2.6.0.0
"DvdComposer_is1" = DvdComposer 1.0.5
"dvdSanta 3.43 - Create Your Own DVD Movies!_is1" = dvdSanta 3.43
"FreeMem Standard" = FreeMem Standard
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Instrument-Tuner" = Instrument-Tuner
"JungleGames" = Jungle Games
"Kai's Power Tools 5" = Kai's Power Tools 5
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSN Music Assistant" = MSN Music Assistant
"MVApplication1" = SureThing CD Labeler 4 SE
"NVIDIA Drivers" = NVIDIA Drivers
"Pacadou" = Pacadou
"PCDJ Red" = PCDJ Red
"Perfect DVD Duplication_is1" = Perfect DVD Duplication 3.0
"Pirates, Vikings and Knights II" = Pirates, Vikings and Knights II Beta 1.0
"Proxifier_is1" = Proxifier version 2.5
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Room Arranger" = Room Arranger
"Security Task Manager" = Security Task Manager 1.7h
"SlippedStreamTV Client" = SlippedStreamTV Client
"Socks Proxy Search" = Socks Proxy Search
"Socks2HTTP 15-day trial_is1" = Socks2HTTP v. 0.981
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam" = Steam
"Steam App 440" = Team Fortress 2
"Sweet Home 3D_is1" = Sweet Home 3D version 1.1
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVUPlayer" = TVUPlayer 2.3.0.0
"Tweak UI 2.10" = Tweak UI
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Valve Hammer Editor" = Valve Hammer Editor
"VegaStrike-Privateer" = Privateer
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Video Fixer 3.23_is1" = Video Fixer 3.23
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"WASTE" = WASTE
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMoto" = X-Moto
"XviD_is1" = XviD MPEG-4 Video Codec
"ZMatrix_is1" = ZMatrix 1.5.2
Posted 4/23/2010 4:08 PM
#85255
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
Well, there is the first half... Still having trouble posting the second half.
Posted 4/23/2010 4:09 PM
#85256
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-926492609-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
Posted 4/23/2010 4:10 PM
#85257
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Uninstall Viewpoint.

First, follow:
https://thespykiller.co.uk/index.php?topic=8973.0
Restart.
Uninstall Norton!
Restart.
Download ComboFix:
https://www.bleepingcomputer.com/combofix/how-to-use-combofix
but do not run it yet; first create the script.

We need to execute a CF-script.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Click Start > Run and in the box that opens type notepad and press enter
Copy/paste the text

Killall::
Rootkit::
C:\WINDOWS\System32\mjoovjcr.dll
tdl::
C:\WINDOWS\system32\drivers\vaxscsi.sys
Folder::
C:\Documents and Settings\All Users\Application Data\SecTaskMan
hosts::

Select File, Save; set the type to All Files and name it cfscript.txt.
Save it in the same location as ComboFix.exe.

Drag CFScript into ComboFix.exe.

ComboFix will start; post the log.
Posted 4/24/2010 5:26 PM
#85283
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
ComboFix 10-04-21.01 - Alexander 04/24/2010 13:11:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1515 [GMT -4:00]
Running from: c:\documents and settings\Alexander\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Alexander\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\SecTaskMan\_10
c:\documents and settings\All Users\Application Data\SecTaskMan\_AAWService26EFB55F
c:\documents and settings\All Users\Application Data\SecTaskMan\_aolsoftware182CA130
c:\documents and settings\All Users\Application Data\SecTaskMan\_AppleMobileDeviceService8A6B354A
c:\documents and settings\All Users\Application Data\SecTaskMan\_avgemc1289FD25
c:\documents and settings\All Users\Application Data\SecTaskMan\_avgssie157A7578
c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_LVCOMSX15476003
c:\documents and settings\All Users\Application Data\SecTaskMan\_MORPHBAR27FAA003
c:\documents and settings\All Users\Application Data\SecTaskMan\_SDHelper34C96B5
c:\documents and settings\All Users\Application Data\SecTaskMan\_sprthook3C7BC629
c:\documents and settings\All Users\Application Data\SecTaskMan\_ssv1A20A597
c:\documents and settings\All Users\Application Data\SecTaskMan\_yiesrvc21585FB
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDB6C50237B7ED245850A990F3532A83
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDB6C50237B7ED245850A990F3532A83.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DEA27ECB2333368459765CCD9B50C22A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DEA27ECB2333368459765CCD9B50C22A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DF7206C8CD35D644BB57ACDC07821A43
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DF7206C8CD35D644BB57ACDC07821A43.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E08AC3B60CA65274ABFBB9F0FE88C03B
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E08AC3B60CA65274ABFBB9F0FE88C03B.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E15E504028597024F883CA4402D18380
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E15E504028597024F883CA4402D18380.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E1FD919F968823747AB92B233BB7F1F6
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E1FD919F968823747AB92B233BB7F1F6.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E60641444D8B8864EBF12F70C5EF9787
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E60641444D8B8864EBF12F70C5EF9787.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E88D304AD7DE3E8419DF8B8C7A02DE1A
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E88D304AD7DE3E8419DF8B8C7A02DE1A.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_EA1CCF2D11365C7418036C6CD677DD17
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_EA1CCF2D11365C7418036C6CD677DD17.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F18CB3AB530026D4A84BF6387D1C4F08
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F18CB3AB530026D4A84BF6387D1C4F08.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_FD563AF386D2DE54F838C8A8336E1534
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_FD563AF386D2DE54F838C8A8336E1534.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-23 16:38 . 2010-04-23 16:38 -------- d-----w- c:\program files\Belarc
2010-04-23 16:38 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-04-19 17:13 . 2010-04-19 17:13 -------- d-----w- c:\program files\Trend Micro
2010-04-19 17:13 . 2010-04-19 17:13 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 17:12 . 2010-04-19 17:12 61440 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4473ca55-n\decora-sse.dll
2010-04-19 17:12 . 2010-04-19 17:12 503808 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\msvcp71.dll
2010-04-19 17:12 . 2010-04-19 17:12 499712 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\jmc.dll
2010-04-19 17:12 . 2010-04-19 17:12 348160 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\msvcr71.dll
2010-04-19 17:12 . 2010-04-19 17:12 12800 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4473ca55-n\decora-d3d.dll
2010-04-17 04:12 . 2010-04-17 04:13 -------- d-----w- c:\program files\Security Task Manager
2010-04-15 05:15 . 2010-04-15 05:15 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-14 16:12 . 2010-04-14 16:12 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Google
2010-04-14 16:11 . 2010-04-14 16:12 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Deployment
2010-04-14 07:47 . 2010-04-14 07:47 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-09 16:36 . 2010-04-09 16:36 -------- d-----w- c:\documents and settings\Alexander\Application Data\U3
2010-04-07 05:47 . 2010-04-07 05:47 -------- d-s---w- c:\documents and settings\Alexander\UserData
2010-04-03 15:25 . 2010-04-03 15:27 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Salling_Software_AB
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\program files\Salling Software AB
2010-04-02 23:24 . 2010-04-24 15:41 0 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\prvlcl.dat
2010-03-31 03:30 . 2010-03-31 03:30 -------- d-----w- C:\$AVG
2010-03-31 03:27 . 2010-03-31 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-31 02:57 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-03-30 19:50 . 2010-03-30 19:50 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Help
2010-03-30 19:49 . 2010-03-30 19:50 -------- d-----w- c:\program files\FreeMem Standard
2010-03-30 19:49 . 2000-03-15 00:07 57344 ----a-w- c:\windows\system32\GkSui16.EXE
2010-03-29 20:29 . 2010-03-29 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-29 20:14 . 2010-03-29 20:14 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Blizzard Entertainment
2010-03-29 18:54 . 2010-03-29 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-03-29 18:44 . 2010-04-11 04:00 -------- d-----w- c:\program files\World of Warcraft
2010-03-29 17:19 . 2010-03-29 18:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 16:37 . 2010-04-20 23:03 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-24 15:32 . 2010-04-18 17:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 13:29 . 2005-06-14 12:00 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-22 12:32 . 2008-09-03 03:16 19224 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-22 12:24 . 2009-04-22 22:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-19 17:47 . 2007-01-13 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-19 17:47 . 2007-01-13 08:20 -------- d-----w- c:\program files\Skype
2010-04-19 17:43 . 2007-01-03 08:08 -------- d-----w- c:\program files\mIRC
2010-04-19 17:39 . 2008-01-26 22:59 -------- d-----w- c:\program files\IncrediBubble Demo
2010-04-19 17:38 . 2007-01-03 10:12 -------- d-----w- c:\program files\IIrcCC32v29
2010-04-19 17:37 . 2007-02-19 19:54 -------- d-----w- c:\program files\CandleWorks
2010-04-19 17:36 . 2009-11-17 16:10 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-04-19 17:36 . 2009-11-17 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-19 17:34 . 2006-05-30 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 17:32 . 2006-08-06 03:12 -------- d-----w- c:\program files\Camfrog
2010-04-19 17:29 . 2007-12-26 05:55 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-19 17:29 . 2007-12-26 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-19 17:20 . 2006-12-18 10:38 -------- d-----r- c:\program files\Aston
2010-04-19 17:12 . 2010-04-17 13:40 -------- d-----w- c:\program files\SpywareGuard
2010-04-19 17:12 . 2010-04-19 17:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 17:12 . 2006-05-30 05:15 -------- d-----w- c:\program files\Java
2010-04-19 16:45 . 2009-09-10 02:51 -------- d-----w- c:\program files\CCleaner
2010-04-19 03:32 . 2010-04-19 03:24 -------- d-----w- c:\documents and settings\Alexander\Application Data\Ventrilo
2010-04-19 03:23 . 2010-04-19 03:23 -------- d-----w- c:\program files\Ventrilo
2010-04-19 03:21 . 2010-04-19 03:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 17:07 . 2007-06-07 20:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 04:42 . 2010-04-17 04:42 4600 ----a-w- c:\documents and settings\All Users\Application Data\rss13D.tmp
2010-04-17 04:42 . 2010-04-17 04:42 18040 ----a-w- c:\documents and settings\All Users\Application Data\rss13C.tmp
2010-04-17 04:16 . 2008-09-27 04:32 -------- d--h--r- c:\documents and settings\Alexander\Application Data\yahoo!
2010-04-17 04:16 . 2006-06-12 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-04-15 05:16 . 2010-03-19 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 12:34 . 2009-02-19 04:10 -------- d-----w- c:\program files\e-Sword
2010-03-31 03:30 . 2009-04-22 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-31 03:30 . 2009-04-22 22:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-31 03:30 . 2007-04-21 03:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-31 03:30 . 2009-04-22 22:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-31 03:27 . 2009-04-22 22:23 -------- d-----w- c:\program files\AVG
2010-03-30 04:46 . 2010-03-19 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-03-19 15:22 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:19 . 2007-01-29 20:54 -------- d-----w- c:\program files\Games
2010-03-27 13:24 . 2008-09-05 22:30 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-19 15:35 . 2007-01-03 07:13 -------- d-----w- c:\program files\Gnucleus
2010-03-19 15:33 . 2006-11-03 07:00 -------- d-----w- c:\program files\Insaniquarium Deluxe
2010-03-19 15:22 . 2010-03-19 15:22 -------- d-----w- c:\documents and settings\Alexander\Application Data\Malwarebytes
2010-03-19 15:22 . 2010-03-19 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-15 17:59 . 2010-03-15 17:59 3310 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
2010-03-15 17:59 . 2010-03-15 17:59 -------- d-----w- c:\program files\Power Tab Software
2010-03-10 08:02 . 2005-06-14 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2005-06-14 12:00 668672 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:05 . 2005-06-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2005-06-14 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2005-06-14 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2005-06-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2005-06-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-09-21 09:37 . 2006-08-07 00:55 9008 --sh--r- c:\windows\system32\msivs11.dll
2006-09-21 09:37 . 2006-09-21 09:37 9008 --sh--r- c:\windows\system32\msivsvt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeMem Pro"="c:\program files\FreeMem Standard\freemem.exe" [2000-04-05 388096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Salling Media Sync"="c:\program files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" [2010-01-20 332944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Alexander\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-9-4 1576960]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-31 03:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mjoovjcr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\half-life 2 deathmatch\\hl2.exe"=
"d:\\aoe\\empires2.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Land Of The Dead\\System\\LOTD.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\half-life 2\\hl2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\ProxyWay\\proxyway.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Tweak-XP Pro\\AdBlocker.exe"=
"c:\\Program Files\\Games\\Privateer\\bin\\soundserver.exe"=
"c:\\candc\\Command & Conquer Generals\\game.dat"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Documents and Settings\\max\\My Documents\\utorrent.exe"=
"c:\\Program Files\\TwonkyMedia\\TwonkyMedia.exe"=
"c:\\Program Files\\TwonkyMedia\\TwonkyMediaServer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 1:39 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/22/2009 6:23 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/22/2009 6:23 PM 242896]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [12/19/2001 1:45 PM 8576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/30/2010 11:28 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/30/2010 11:28 PM 308064]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/24/2007 7:30 AM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 6:43 AM 24652]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [5/30/2006 2:09 AM 26752]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\ramdisk.sys --> c:\windows\system32\DRIVERS\ramdisk.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [10/30/2006 2:56 AM 7548]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [6/25/2006 8:48 PM 223128]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [7/18/2005 2:23 PM 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [7/18/2005 2:24 PM 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [7/18/2005 2:24 PM 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [7/18/2005 2:25 PM 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [7/18/2005 2:26 PM 85952]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:39]

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/puccini/start
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
LSP: PrxerDrv.dll
DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} - hxxp://twcam.www.gov.tw/webcam/ocx/xVideoShow.cab
DPF: {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} - hxxp://twcam.www.gov.tw/webcam/ocx/DVSTools.cab
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Alexander\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-24 13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\shdoclc.dll
c:\windows\system32\PrxerDrv.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\WgaTray.exe
c:\program files\Belkin\F5D8051v2\chkdev.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-24 13:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-24 17:24
ComboFix2.txt 2010-04-24 16:50

Pre-Run: 49,661,202,432 bytes free
Post-Run: 49,630,810,112 bytes free

- - End Of File - - 3FF858C22E42161FAD03101585F0DEC9
Posted 4/24/2010 5:28 PM
#85284
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
Just a question... I'm going to be wiping my computer and starting over, but I'm going to copy the drivers to my second hard drive. Do you think my drivers were/are infected?
Posted 4/24/2010 6:00 PM
#85288
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
How are things running?
We must see if the drivers are infected.
Posted 4/26/2010 1:27 PM
#85332
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
It seems to have taken care of the problem; thanks for all your help.
Posted 4/26/2010 1:39 PM
#85333
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
We are not ready now; please post the Norman log first.
Posted 4/26/2010 4:32 PM
#85342
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
Posted 4/26/2010 6:12 PM
#85343
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Yes, the Norman log,
and a fresh ComboFix log.
Posted 4/26/2010 9:06 PM
#85351
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
I'm not sure what a Norman log is, but here is my ComboFix log.


ComboFix 10-04-26.02 - Alexander 04/26/2010 16:56:23.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1474 [GMT -4:00]
Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-23 16:38 . 2010-04-23 16:38 -------- d-----w- c:\program files\Belarc
2010-04-23 16:38 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-04-19 17:13 . 2010-04-19 17:13 -------- d-----w- c:\program files\Trend Micro
2010-04-19 17:13 . 2010-04-19 17:13 -------- d-----w- c:\program files\Common Files\Java
2010-04-19 17:12 . 2010-04-19 17:12 61440 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4473ca55-n\decora-sse.dll
2010-04-19 17:12 . 2010-04-19 17:12 503808 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\msvcp71.dll
2010-04-19 17:12 . 2010-04-19 17:12 499712 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\jmc.dll
2010-04-19 17:12 . 2010-04-19 17:12 348160 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-64235531-n\msvcr71.dll
2010-04-19 17:12 . 2010-04-19 17:12 12800 ----a-w- c:\documents and settings\Alexander\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4473ca55-n\decora-d3d.dll
2010-04-17 04:12 . 2010-04-17 04:13 -------- d-----w- c:\program files\Security Task Manager
2010-04-15 05:15 . 2010-04-15 05:15 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-14 16:12 . 2010-04-14 16:12 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Google
2010-04-14 16:11 . 2010-04-14 16:12 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Deployment
2010-04-14 07:47 . 2010-04-14 07:47 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-09 16:36 . 2010-04-09 16:36 -------- d-----w- c:\documents and settings\Alexander\Application Data\U3
2010-04-07 05:47 . 2010-04-07 05:47 -------- d-s---w- c:\documents and settings\Alexander\UserData
2010-04-03 15:25 . 2010-04-03 15:27 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Salling_Software_AB
2010-04-03 15:24 . 2010-04-03 15:24 -------- d-----w- c:\program files\Salling Software AB
2010-04-02 23:24 . 2010-04-25 18:41 0 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\prvlcl.dat
2010-03-31 03:30 . 2010-03-31 03:30 -------- d-----w- C:\$AVG
2010-03-31 03:27 . 2010-03-31 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-31 02:57 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-03-30 19:50 . 2010-03-30 19:50 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Help
2010-03-30 19:49 . 2010-03-30 19:50 -------- d-----w- c:\program files\FreeMem Standard
2010-03-30 19:49 . 2000-03-15 00:07 57344 ----a-w- c:\windows\system32\GkSui16.EXE
2010-03-29 20:29 . 2010-03-29 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-29 20:14 . 2010-03-29 20:14 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Blizzard Entertainment
2010-03-29 18:54 . 2010-03-29 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-03-29 18:44 . 2010-04-26 02:45 -------- d-----w- c:\program files\World of Warcraft
2010-03-29 17:19 . 2010-03-29 18:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 16:37 . 2010-04-20 23:03 0 ----a-w- c:\windows\system32\tmp.tmp
2010-04-24 15:32 . 2010-04-18 17:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 13:29 . 2005-06-14 12:00 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-22 12:32 . 2008-09-03 03:16 19224 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-22 12:24 . 2009-04-22 22:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-19 17:47 . 2007-01-13 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-19 17:47 . 2007-01-13 08:20 -------- d-----w- c:\program files\Skype
2010-04-19 17:43 . 2007-01-03 08:08 -------- d-----w- c:\program files\mIRC
2010-04-19 17:39 . 2008-01-26 22:59 -------- d-----w- c:\program files\IncrediBubble Demo
2010-04-19 17:38 . 2007-01-03 10:12 -------- d-----w- c:\program files\IIrcCC32v29
2010-04-19 17:37 . 2007-02-19 19:54 -------- d-----w- c:\program files\CandleWorks
2010-04-19 17:36 . 2009-11-17 16:10 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-04-19 17:36 . 2009-11-17 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-19 17:34 . 2006-05-30 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 17:32 . 2006-08-06 03:12 -------- d-----w- c:\program files\Camfrog
2010-04-19 17:29 . 2007-12-26 05:55 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-19 17:29 . 2007-12-26 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-19 17:20 . 2006-12-18 10:38 -------- d-----r- c:\program files\Aston
2010-04-19 17:12 . 2010-04-17 13:40 -------- d-----w- c:\program files\SpywareGuard
2010-04-19 17:12 . 2010-04-19 17:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 17:12 . 2006-05-30 05:15 -------- d-----w- c:\program files\Java
2010-04-19 16:45 . 2009-09-10 02:51 -------- d-----w- c:\program files\CCleaner
2010-04-19 03:32 . 2010-04-19 03:24 -------- d-----w- c:\documents and settings\Alexander\Application Data\Ventrilo
2010-04-19 03:23 . 2010-04-19 03:23 -------- d-----w- c:\program files\Ventrilo
2010-04-19 03:21 . 2010-04-19 03:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 17:07 . 2007-06-07 20:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 04:42 . 2010-04-17 04:42 4600 ----a-w- c:\documents and settings\All Users\Application Data\rss13D.tmp
2010-04-17 04:42 . 2010-04-17 04:42 18040 ----a-w- c:\documents and settings\All Users\Application Data\rss13C.tmp
2010-04-17 04:16 . 2008-09-27 04:32 -------- d--h--r- c:\documents and settings\Alexander\Application Data\yahoo!
2010-04-17 04:16 . 2006-06-12 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-04-15 05:16 . 2010-03-19 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 12:34 . 2009-02-19 04:10 -------- d-----w- c:\program files\e-Sword
2010-03-31 06:05 . 2007-03-06 09:00 43872 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 06:05 . 2007-02-06 22:03 129520 ------w- c:\windows\system32\PxAFS.DLL
2010-03-31 06:05 . 2006-07-10 03:03 118256 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 03:30 . 2009-04-22 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-31 03:30 . 2009-04-22 22:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-31 03:30 . 2007-04-21 03:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-31 03:30 . 2009-04-22 22:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-31 03:27 . 2009-04-22 22:23 -------- d-----w- c:\program files\AVG
2010-03-30 04:46 . 2010-03-19 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-03-19 15:22 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:19 . 2007-01-29 20:54 -------- d-----w- c:\program files\Games
2010-03-27 13:24 . 2008-09-05 22:30 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-19 15:35 . 2007-01-03 07:13 -------- d-----w- c:\program files\Gnucleus
2010-03-19 15:33 . 2006-11-03 07:00 -------- d-----w- c:\program files\Insaniquarium Deluxe
2010-03-19 15:22 . 2010-03-19 15:22 -------- d-----w- c:\documents and settings\Alexander\Application Data\Malwarebytes
2010-03-19 15:22 . 2010-03-19 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-15 17:59 . 2010-03-15 17:59 3310 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
2010-03-15 17:59 . 2010-03-15 17:59 1078 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
2010-03-15 17:59 . 2010-03-15 17:59 -------- d-----w- c:\program files\Power Tab Software
2010-03-10 08:02 . 2005-06-14 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2005-06-14 12:00 668672 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:05 . 2005-06-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2005-06-14 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2005-06-14 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2005-06-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2005-06-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-09-21 09:37 . 2006-08-07 00:55 9008 --sh--r- c:\windows\system32\msivs11.dll
2006-09-21 09:37 . 2006-09-21 09:37 9008 --sh--r- c:\windows\system32\msivsvt.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-24_16.48.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2010-04-25 16:07 . 2010-04-25 16:07 16384 c:\windows\temp\Perflib_Perfdata_6d4.dat
+ 2006-10-10 07:00 . 2010-03-31 06:05 88560 c:\windows\system32\VXBLOCK.dll
+ 2006-05-30 06:24 . 2010-03-31 06:05 65008 c:\windows\system32\pxinsa64.exe
+ 2006-05-30 06:24 . 2010-03-31 06:05 72176 c:\windows\system32\pxhpinst.exe
+ 2007-02-06 22:03 . 2010-03-31 06:05 379376 c:\windows\system32\PxWave.dll
+ 2007-02-06 22:03 . 2010-03-31 06:05 186864 c:\windows\system32\PxMas.dll
+ 2007-03-23 07:02 . 2010-03-31 06:05 539120 c:\windows\system32\pxdrv.dll
+ 2007-02-06 22:03 . 2010-03-31 06:05 584176 c:\windows\system32\Px.dll
+ 2010-04-25 18:17 . 2010-04-25 18:17 292878 c:\windows\Installer\{B0513493-04B9-4F21-B4AB-83E750D54256}\RunLightroom313212_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-04-25 18:17 . 2010-04-25 18:17 292878 c:\windows\Installer\{B0513493-04B9-4F21-B4AB-83E750D54256}\NewShortcut4_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2010-04-25 18:17 . 2010-04-25 18:17 292878 c:\windows\Installer\{B0513493-04B9-4F21-B4AB-83E750D54256}\ARPPRODUCTICON.exe
+ 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-02-06 22:03 . 2010-03-31 06:05 1690096 c:\windows\system32\PxSFS.DLL
+ 2010-04-25 18:17 . 2010-04-25 18:17 4983296 c:\windows\Installer\77d89e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-31 03:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mjoovjcr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alexander^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Alexander\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-02 04:39 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeMem Pro]
2000-04-05 13:03 388096 ----a-w- c:\program files\FreeMem Standard\freemem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 23:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salling Media Sync]
2010-01-20 18:27 332944 ----a-w- c:\program files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\half-life 2 deathmatch\\hl2.exe"=
"d:\\aoe\\empires2.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Land Of The Dead\\System\\LOTD.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\half-life 2\\hl2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\ProxyWay\\proxyway.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Tweak-XP Pro\\AdBlocker.exe"=
"c:\\Program Files\\Games\\Privateer\\bin\\soundserver.exe"=
"c:\\candc\\Command & Conquer Generals\\game.dat"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Documents and Settings\\max\\My Documents\\utorrent.exe"=
"c:\\Program Files\\TwonkyMedia\\TwonkyMedia.exe"=
"c:\\Program Files\\TwonkyMedia\\TwonkyMediaServer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\maxjones24\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 1:39 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/22/2009 6:23 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/22/2009 6:23 PM 242896]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [12/19/2001 1:45 PM 8576]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/30/2010 11:28 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/30/2010 11:28 PM 308064]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/24/2007 7:30 AM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 6:43 AM 24652]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [5/30/2006 2:09 AM 26752]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\ramdisk.sys --> c:\windows\system32\DRIVERS\ramdisk.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [10/30/2006 2:56 AM 7548]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [6/25/2006 8:48 PM 223128]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [7/18/2005 2:23 PM 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [7/18/2005 2:24 PM 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [7/18/2005 2:24 PM 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [7/18/2005 2:25 PM 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [7/18/2005 2:26 PM 85952]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:39]

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/puccini/start
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
LSP: PrxerDrv.dll
DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} - hxxp://twcam.www.gov.tw/webcam/ocx/xVideoShow.cab
DPF: {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} - hxxp://twcam.www.gov.tw/webcam/ocx/DVSTools.cab
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\u02k6mmb.default\
FF - prefs.js: browser.search.selectedEngine - GoodSearch
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Alexander\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-26 17:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\PrxerDrv.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-26 17:05:21
ComboFix-quarantined-files.txt 2010-04-26 21:05
ComboFix2.txt 2010-04-24 17:24
ComboFix3.txt 2010-04-24 16:50

Pre-Run: 49,019,248,640 bytes free
Post-Run: 48,988,811,264 bytes free

- - End Of File - - D4B7BBCF32769BAC75F8788FB74FF3BC
Posted 4/27/2010 9:34 AM
#85365
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
No prob, Norman deleted the rootkit.
GMER:

Please download GMER from one of the following locations and save it to your desktop:
https://gmer.net/download.php
This version will download a randomly named file (Recommended)
https://gmer.net/gmer.zip
Disconnect from the Internet and close all running programs.
Temporarily turn off all antivirus programs

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
Posted 4/28/2010 2:29 PM
#85408
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-04-28 10:28:50
Windows 5.1.2600 Service Pack 2
Running: xf6mp961.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\uxryapod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

Code \??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92B3360, 0x24BB1D, 0xE8000020]
? C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\WgaTray.exe[2888] WININET.dll!InternetErrorDlg 7722E3D1 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0xE5 0x16 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0xE5 0x16 0x82 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ C:\WINDOWS\system32\qedit.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\ProgID@ qedit.Xml2Dex.1
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\VersionIndependentProgID@ qedit.Xml2Dex

---- EOF - GMER 1.0.15 ----
Posted 4/28/2010 2:41 PM
#85409
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Looks good.
Download Prevx:
https://info.prevx.com/downloadcsi.asp
Install it; you need an open internet connection. The program starts a "learning scan";
you cannot remove anything.
Please click now Configuration, Heuristics, set all to maximum, and start the scan.
After it finishes, right-click the Prevx symbol in the tray, Tools, Save log.
Download it to
www.file-upload.net
Click "durchsuchen" and search for the log.
After this click "datei hochladen".
Post the download link, then uninstall Prevx.
Posted 4/29/2010 1:54 AM
#85444
xsnapplemanx Valued member

Date Joined Nov 2016
Total Posts: 14
GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-04-28 10:28:50
Windows 5.1.2600 Service Pack 2
Running: xf6mp961.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\uxryapod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

Code \??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92B3360, 0x24BB1D, 0xE8000020]
? C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\WgaTray.exe[2888] WININET.dll!InternetErrorDlg 7722E3D1 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0xE5 0x16 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0xE5 0x16 0x82 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ C:\WINDOWS\system32\qedit.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\ProgID@ qedit.Xml2Dex.1
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\VersionIndependentProgID@ qedit.Xml2Dex

---- EOF - GMER 1.0.15 ----
Posted 4/29/2010 7:12 AM
#85463
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
GMER again?
Read my last post.