Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Enginer Redirect Virus/Malware


  • This topic is locked This topic is locked
17 replies to this topic

#1 CA119LL

CA119LL

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 12 October 2010 - 10:13 PM

I could not check all of the options required for the GMER scan.

Log:
DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Tuna at 19:59:34.20 on Tue 10/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2271 [GMT -7:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~2\MICROS~2\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\DllHost.exe
C:\PROGRA~2\MICROS~2\Office12\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Works\WksCal.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tuna\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Global Registration] "C:\Program Files (x86)\Gateway\Registration\GREG.exe" BOOT
uRun: [Google Update] "C:\Users\Tuna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
StartupFolder: C:\Users\Tuna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Tuna\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tuna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tuna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falseC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-9-19 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-19 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-9-19 317520]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-9-10 249496]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-9-10 33208]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-26 203264]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-19 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-19 308136]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-26 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2010-3-24 311568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-26 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-26 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca84f7b82e0165;Google Update Service (gupdate1ca84f7b82e0165);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 133104]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-06 00:42:51 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-06 00:42:51 423656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-06 00:14:01 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2010-10-06 00:09:09 -------- d-----w- C:\Users\Tuna\AppData\Local\Apps
2010-10-05 21:37:30 -------- d-----w- C:\Users\Tuna\AppData\Roaming\SUPERAntiSpyware.com
2010-10-05 21:37:30 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-05 21:37:24 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-05 21:37:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-01 18:58:17 -------- d-----w- C:\Users\Tuna\AppData\Roaming\ICAClient
2010-10-01 18:57:43 -------- d-----w- C:\Program Files (x86)\Citrix
2010-10-01 18:13:31 -------- d--h--w- C:\.BackupManager
2010-09-29 19:25:49 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 19:25:48 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-28 21:48:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 21:48:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 21:48:27 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 21:48:27 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-23 16:57:26 -------- d-----w- C:\Windows\SysWow64\drivers\avg
2010-09-21 17:09:43 171368 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10133.bin
2010-09-19 18:30:50 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2010-09-19 18:30:48 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-19 18:30:42 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-19 18:30:38 35536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-09-19 18:30:37 -------- d-----w- C:\Windows\System32\drivers\Avg
2010-09-19 18:27:07 -------- d-----w- C:\Program Files (x86)\AVG
2010-09-19 18:26:48 -------- d-----w- C:\PROGRA~3\avg9
2010-09-17 17:55:03 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{90B5B956-1B42-4F2D-8AEC-7740E29A820C}\mpengine.dll
2010-09-15 07:07:06 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-15 02:44:27 -------- d-----w- C:\Users\Tuna\AppData\Local\Cisco
2010-09-15 02:43:56 -------- d-----w- C:\Program Files (x86)\Cisco
2010-09-15 02:43:52 -------- d-----w- C:\PROGRA~3\Cisco
2010-09-15 00:18:44 -------- d-----w- C:\Program Files\COMODO
2010-09-15 00:16:46 -------- d-----w- C:\PROGRA~3\Comodo

==================== Find3M ====================

2010-09-11 06:41:40 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-09-11 06:41:40 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-09-11 06:40:44 33208 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2010-09-11 06:40:44 249496 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2010-09-11 06:40:42 20864 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2010-08-10 12:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-28 01:55:50 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-28 01:44:10 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 20:01:47.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 21 October 2010 - 01:14 PM

Hi CA119LL, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 24 October 2010 - 09:50 PM

OTL logfile created on: 10/24/2010 7:41:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Tuna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 201.41 Gb Free Space | 70.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.74 Gb Total Space | 2.19 Gb Free Space | 58.66% Space Free | Partition Type: FAT32
Drive G: | 596.02 Gb Total Space | 582.22 Gb Free Space | 97.68% Space Free | Partition Type: FAT32

Computer Name: PROCOMP | User Name: Tuna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
PRC - [2010/10/19 23:36:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/19 23:36:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 12:03:04 | 004,425,048 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/01/28 19:22:16 | 003,427,160 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2009/12/24 15:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/08/27 13:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/20 17:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/13 17:11:26 | 003,319,808 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2009/04/13 14:28:30 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2007/06/20 14:04:21 | 000,722,272 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksCal.exe
PRC - [2007/06/20 14:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/02 11:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - File not found [Kernel | Disabled | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/09 07:50:48 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/08/11 13:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 18:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/02 11:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}:1.9.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/23 18:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/19 23:36:07 | 000,000,000 | ---D | M]

[2009/12/05 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Extensions
[2010/10/23 14:15:43 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions
[2009/12/08 00:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\.BackupManager
[2010/06/14 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/06/15 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}-trash
[2010/04/06 18:44:01 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/12/08 00:54:34 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/17 15:36:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/07 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\personas@christopher.beard
[2010/09/26 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\youtube2mp3@mondayx.de
[2009/12/05 17:02:17 | 000,004,554 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\aim-search.xml
[2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/05 17:42:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/05 14:57:31 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Global Registration] C:\Program Files (x86)\Gateway\Registration\GREG.exe (Acer Incorporated)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.219.17.200 129.219.17.5 129.219.13.81
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/10/28 09:49:48 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 19:40:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/22 15:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/22 14:59:43 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Users\Tuna\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/14 12:19:33 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 12:19:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 12:19:32 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 12:19:29 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 12:19:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 12:19:25 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 12:19:25 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 12:19:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 12:19:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 12:19:15 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 12:19:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 12:19:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 12:19:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 12:19:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 12:19:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 12:19:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 12:19:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 12:19:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 12:19:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 12:19:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 12:19:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 12:19:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 12:19:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 12:19:09 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 12:19:07 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 12:19:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 12:19:05 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 12:19:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Tuna\Desktop\gmer
[2010/10/06 15:03:56 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/05 17:42:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/05 17:42:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/05 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/05 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/10/05 17:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Local\Apps
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/05 14:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/05 14:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/05 14:36:32 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe
[2010/10/01 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\ICAClient
[2010/10/01 11:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/10/01 11:53:11 | 012,199,368 | ---- | C] (Microsoft Corporation) -- C:\Users\Tuna\Desktop\windows-kb890830-v3.11.exe
[2010/10/01 11:13:31 | 000,000,000 | -H-D | C] -- C:\.BackupManager

========== Files - Modified Within 30 Days ==========

[2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/24 19:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000UA.job
[2010/10/24 19:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/24 18:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000Core.job
[2010/10/24 17:43:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 17:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/23 01:45:41 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/22 15:05:26 | 000,000,000 | ---- | M] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/22 15:01:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/22 15:01:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/22 14:59:44 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Users\Tuna\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/22 14:55:36 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 14:55:36 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 23:33:50 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 12:10:21 | 000,001,051 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK
[2010/10/17 03:37:53 | 000,031,744 | ---- | M] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 12:30:59 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/15 10:48:28 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/15 10:48:28 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/15 10:48:28 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 20:04:00 | 000,284,915 | ---- | M] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:54 | 000,544,768 | ---- | M] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/06 15:03:57 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:36:49 | 000,001,974 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/05 17:36:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 17:14:26 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/05 17:14:21 | 000,001,948 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/05 14:37:24 | 000,001,815 | ---- | M] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:36:51 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe
[2010/10/05 14:11:35 | 000,031,232 | ---- | M] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc
[2010/10/01 11:53:57 | 012,199,368 | ---- | M] (Microsoft Corporation) -- C:\Users\Tuna\Desktop\windows-kb890830-v3.11.exe

========== Files Created - No Company Name ==========

[2010/10/19 12:10:21 | 000,001,051 | ---- | C] () -- C:\Users\Tuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK
[2010/10/12 20:03:59 | 000,284,915 | ---- | C] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:53 | 000,544,768 | ---- | C] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/05 17:36:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 15:56:54 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/05 14:37:24 | 000,001,815 | ---- | C] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:11:34 | 000,031,232 | ---- | C] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc
[2010/09/12 02:21:09 | 000,002,838 | ---- | C] () -- C:\Users\Tuna\AppData\Local\ovokequwam.dll
[2010/09/12 01:26:40 | 000,000,120 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat
[2010/09/12 01:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Yrakitogolop.bin
[2010/08/23 18:25:56 | 000,000,778 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/14 10:18:56 | 000,000,214 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/31 12:13:14 | 000,031,744 | ---- | C] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 11:49:29 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/28 09:18:42 | 000,002,318 | ---- | C] () -- C:\Users\Tuna\AppData\Roaming\wklnhst.dat
[2009/12/05 00:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:57:12 | 000,001,561 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/26 18:42:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/15 00:35:10 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/15 00:35:10 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/15 00:35:08 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/15 00:35:08 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/15 00:35:08 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 13:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/19 23:33:50 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 17:14:26 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/19 23:33:51 | 4024,811,520 | -HS- | M] () -- C:\pagefile.sys
[2009/09/25 06:53:28 | 000,005,212 | RHS- | M] () -- C:\Patch.rev
[2009/12/04 08:25:02 | 000,000,201 | RHS- | M] () -- C:\Preload.rev
[2010/09/12 02:39:13 | 000,000,375 | ---- | M] () -- C:\rkill.log
[2010/10/06 15:05:15 | 000,065,288 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_06.10.2010_15.04.10_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 10/24/2010 7:41:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Tuna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 201.41 Gb Free Space | 70.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.74 Gb Total Space | 2.19 Gb Free Space | 58.66% Space Free | Partition Type: FAT32
Drive G: | 596.02 Gb Total Space | 582.22 Gb Free Space | 97.68% Space Free | Partition Type: FAT32

Computer Name: PROCOMP | User Name: Tuna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2091774A-7740-D46F-92CF-D724CAEDF36A}" = ATI Catalyst Install Manager
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6DA2E7DC-BC1E-4595-83A9-99BAD907AA1C}" = AVG 2011
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94CB2412-E3E2-0F43-7D0E-3657C1BC35C5}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{2B4F8863-523E-30C0-149A-3C9F80A9A757}" = CCC Help Greek
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F6FD75E-D396-892D-C594-707039B32532}" = Catalyst Control Center Core Implementation
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA61DDF-BFFA-D47B-E2B8-63A988BEBB67}" = CCC Help Japanese
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3DFBF1D3-E64E-FE84-79AD-2624F41035DB}" = CCC Help Chinese Traditional
"{408BEDC6-EB6B-C39B-BCB6-303B219A6429}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{451F16B6-8AB1-3AEB-9E34-02D5D64273DA}" = CCC Help Korean
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4ABA3BA4-8AD3-1AF1-6E39-8C87B82E8B59}" = CCC Help German
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F06773-003E-1FD1-769A-9F2CF3127610}" = CCC Help Swedish
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5DADC37C-01AC-8BAF-2F2A-429F105C5C5C}" = CCC Help Portuguese
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64A37FD3-E327-1A76-FA62-3E8942AE81B9}" = CCC Help Thai
"{6563E0BB-B825-29A0-99AB-8104DF707323}" = CCC Help Spanish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C67DC15-51A8-0BC8-02BF-A583656FE137}" = CCC Help English
"{6DEEBB44-84B1-C707-57A4-258DC77728C3}" = CCC Help Czech
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AFA9202-A886-0BCF-EAD7-F8ED280E865E}" = CCC Help Danish
"{7CA066B5-55CE-D59B-03A0-A53DF9019AA3}" = CCC Help Chinese Standard
"{7D0601EA-EA6E-E57E-812E-805EE6D634E9}" = Catalyst Control Center Localization All
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DF43A9-B19D-8D24-392B-5F7329B75320}" = CCC Help Hungarian
"{89AAE614-5DBC-2302-735E-A26FF2F6D8B7}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8D62AC98-5E6D-CCB5-228C-D02360BFD36A}" = Catalyst Control Center Graphics Full Existing
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CD7500-E12F-B706-12FE-F76E3AAA1309}" = ccc-core-static
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96899F83-E250-84F8-C9A1-1DDC7ABB9F3E}" = CCC Help Norwegian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A8E7B78-C845-F923-62FB-F4AA98C85E8D}" = CCC Help French
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F3371F-325D-C9E0-7771-3916940EEAFC}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0EBF8E0-EA06-3A45-2B51-D88F7D54D156}" = CCC Help Finnish
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C90D9ED6-E446-F493-D653-7A5B25924E3F}" = CCC Help Russian
"{CF960A15-6AAF-E893-087C-1C60BEAE7E78}" = Catalyst Control Center Graphics Light
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAADAEC7-F5FC-E4DC-35CB-945190A51C92}" = Catalyst Control Center Graphics Full New
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EF338EAD-E894-68BD-33F2-F346B89E752A}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3E6FD72-E693-4AAA-F770-461101773241}" = CCC Help Dutch
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Aleks 3.12" = Aleks 3.12
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX Setup
"FlashLynx" = FlashLynx Video Download Software
"Game Booster_is1" = Game Booster
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"IObit Security 360_is1" = IObit Security 360
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Prism" = Prism Video Converter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Switch" = Switch Sound File Converter
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 5:16:08 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21263

Error - 10/23/2010 5:16:08 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21263

Error - 10/23/2010 5:16:09 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2010 5:16:09 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22262

Error - 10/23/2010 5:16:09 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22262

Error - 10/23/2010 5:16:10 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2010 5:16:10 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23276

Error - 10/23/2010 5:16:10 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23276

Error - 10/23/2010 5:16:11 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/23/2010 5:16:11 PM | Computer Name = ProComp | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24274

[ Cisco AnyConnect VPN Client Events ]
Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CCvcConfig::setConfig File: .\vpnconfig.cpp Line: 1088 Invoked
Function: CCvCConfig::processSecondConfig Return Code: -33030109 (0xFE080023) Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::continueHTTPNegotiation File: .\CstpProtocol.cpp
Line:
1023 Invoked Function: CCvcConfig::setConfig Return Code: -33030109 (0xFE080023) Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp
Line:
1038 Invoked Function: ITunnelProtocol::initiateTunnel Return Code: -33030109 (0xFE080023)
Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE callback

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelStatusChange File: .\TunnelMgr.cpp
Line:
924 Invoked Function: CTunnelStateMgr::OnTunnelStatusChange Return Code: -33030109
(0xFE080023) Description: CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE callback

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnVpnTunnelStatusChange File: .\VpnMgr.cpp Line:
3980 Invoked Function: CVpnMgr::OnVpnTunnelStatusChange Return Code: -33030109 (0xFE080023)
Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67110873
Description = Termination reason code 28: HTTP response contained an HTTP error code.

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TunnelMgr.cpp
Line:
599 Invoked Function: CTunnelStateMgr::initiateTunnel Return Code: -33030109 (0xFE080023)
Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE callback

Error - 10/12/2010 1:38:29 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnVpnTunnelInitiateComplete File: .\VpnMgr.cpp Line:
3921 Invoked Function: CTlsTunnelMgr::initiateTunnel Return Code: -33030109 (0xFE080023)
Description:
CVCCONFIG_ERROR_HTTP_ERROR_RESPONSE

Error - 10/12/2010 1:38:55 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
823 Invoked Function: CSocketTransport::readSocket Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

Error - 10/12/2010 1:38:55 AM | Computer Name = ProComp | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522800
(0xFE1F0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

[ Media Center Events ]
Error - 2/2/2010 6:30:44 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 4:30:38 PM - Error connecting to the internet. 4:30:38 PM - Unable
to contact server..

Error - 2/2/2010 7:32:18 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 5:32:18 PM - Error connecting to the internet. 5:32:18 PM - Unable
to contact server..

Error - 2/2/2010 7:35:02 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 5:35:01 PM - Error connecting to the internet. 5:35:01 PM - Unable
to contact server..

Error - 2/9/2010 9:51:48 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 7:51:48 PM - Error connecting to the internet. 7:51:48 PM - Unable
to contact server..

Error - 2/9/2010 9:51:56 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 7:51:54 PM - Error connecting to the internet. 7:51:54 PM - Unable
to contact server..

Error - 2/10/2010 12:17:24 AM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 10:17:24 PM - Error connecting to the internet. 10:17:24 PM - Unable
to contact server..

Error - 2/10/2010 12:17:32 AM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 10:17:29 PM - Error connecting to the internet. 10:17:29 PM - Unable
to contact server..

Error - 2/14/2010 12:18:07 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 10:18:07 AM - Error connecting to the internet. 10:18:07 AM - Unable
to contact server..

Error - 2/14/2010 12:18:23 PM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 10:18:12 AM - Error connecting to the internet. 10:18:12 AM - Unable
to contact server..

Error - 2/20/2010 10:44:04 AM | Computer Name = ProComp | Source = MCUpdate | ID = 0
Description = 8:43:58 AM - Error connecting to the internet. 8:43:58 AM - Unable
to contact server..

[ OSession Events ]
Error - 12/23/2009 1:16:59 PM | Computer Name = ProComp | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 441
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2010 8:53:51 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/4/2010 8:53:59 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/5/2010 9:36:07 AM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/5/2010 9:36:14 AM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/5/2010 9:35:15 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/5/2010 9:35:22 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/8/2010 1:22:59 AM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/8/2010 1:23:07 AM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/9/2010 10:57:39 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/9/2010 10:57:48 PM | Computer Name = ProComp | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 25 October 2010 - 04:22 PM

Hi again CA119LL!!.. :)

Two questions first:
- I see you're using COMODO Internet Security - this is a version with firewall + antivirus, right??..
- I see you were trying to install AVG, and an install failed... Is that true?.. Would you like to keep Comodo product or install AVG??..

I see you're using IObit's Advanced SystemCare 3... I suggest you uninstall this product, this company stole Malwarebytes’ Intellectual Property ...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    FF - prefs.js..extensions.enabledItems: {0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}:1.9.1
    [2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
    [2010/09/12 02:21:09 | 000,002,838 | ---- | C] () -- C:\Users\Tuna\AppData\Local\ovokequwam.dll
    [2010/09/12 01:26:40 | 000,000,120 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat
    [2010/09/12 01:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Yrakitogolop.bin
    :Files
    C:\Users\Tuna\AppData\Local\{0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 28 October 2010 - 03:14 PM

OTL logfile created on: 10/27/2010 12:41:51 AM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Tuna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 201.37 Gb Free Space | 70.34% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.74 Gb Total Space | 2.19 Gb Free Space | 58.65% Space Free | Partition Type: FAT32
Drive G: | 596.02 Gb Total Space | 582.22 Gb Free Space | 97.68% Space Free | Partition Type: FAT32

Computer Name: PROCOMP | User Name: Tuna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
PRC - [2010/10/19 23:36:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/19 23:36:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/16 12:03:04 | 004,425,048 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/01 08:31:54 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010/08/13 13:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/28 19:22:16 | 003,427,160 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2009/12/24 15:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/08/27 13:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/20 17:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/13 17:11:26 | 003,319,808 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2009/04/13 14:28:30 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2007/06/20 14:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/02 11:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/09 07:50:48 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/08/11 13:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 18:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/02 11:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}:1.9.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/23 18:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/26 12:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/19 23:36:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/19 23:36:07 | 000,000,000 | ---D | M]

[2009/12/05 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Extensions
[2010/10/26 19:12:30 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions
[2009/12/08 00:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\.BackupManager
[2010/06/14 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/06/15 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}-trash
[2010/04/06 18:44:01 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/12/08 00:54:34 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/17 15:36:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/07 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\personas@christopher.beard
[2010/09/26 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\youtube2mp3@mondayx.de
[2009/12/05 17:02:17 | 000,004,554 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\aim-search.xml
[2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/05 17:42:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/05 14:57:31 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Global Registration] C:\Program Files (x86)\Gateway\Registration\GREG.exe (Acer Incorporated)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.219.17.200 129.219.17.5 129.219.13.81
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/10/28 09:49:48 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/25 17:48:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/25 08:41:19 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\AVG10
[2010/10/25 08:24:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/25 08:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/25 08:22:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/24 19:40:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/22 15:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/22 14:59:43 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Users\Tuna\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/14 12:19:33 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 12:19:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 12:19:32 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 12:19:29 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 12:19:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 12:19:25 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 12:19:25 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 12:19:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 12:19:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 12:19:15 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 12:19:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 12:19:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 12:19:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 12:19:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 12:19:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 12:19:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 12:19:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 12:19:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 12:19:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 12:19:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 12:19:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 12:19:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 12:19:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 12:19:09 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 12:19:07 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 12:19:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 12:19:05 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 12:19:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Tuna\Desktop\gmer
[2010/10/06 15:03:56 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/05 17:42:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/05 17:42:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/05 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/05 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/10/05 17:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Local\Apps
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/05 14:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/05 14:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/05 14:36:32 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe
[2010/10/01 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\ICAClient
[2010/10/01 11:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/10/01 11:53:11 | 012,199,368 | ---- | C] (Microsoft Corporation) -- C:\Users\Tuna\Desktop\windows-kb890830-v3.11.exe
[2010/10/01 11:13:31 | 000,000,000 | -H-D | C] -- C:\.BackupManager

========== Files - Modified Within 30 Days ==========

[2010/10/27 00:45:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 00:43:13 | 002,672,312 | ---- | M] () -- C:\Users\Tuna\Desktop\esetsmartinstaller_enu.exe
[2010/10/27 00:33:29 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000UA.job
[2010/10/27 00:33:29 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 00:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 19:26:14 | 000,000,000 | ---- | M] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/26 19:16:19 | 097,787,600 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/26 19:12:43 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000Core.job
[2010/10/26 12:32:11 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/25 08:28:22 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 08:28:22 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 08:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/25 08:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/25 08:19:31 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/25 08:19:09 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/22 14:59:44 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Users\Tuna\Desktop\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/17 03:37:53 | 000,031,744 | ---- | M] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 12:30:59 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/15 10:48:28 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/15 10:48:28 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/15 10:48:28 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 20:04:00 | 000,284,915 | ---- | M] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:54 | 000,544,768 | ---- | M] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/06 15:03:57 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:36:49 | 000,001,974 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/05 17:36:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 17:14:26 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/05 17:14:21 | 000,001,948 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/05 14:37:24 | 000,001,815 | ---- | M] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:36:51 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe
[2010/10/05 14:11:35 | 000,031,232 | ---- | M] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc
[2010/10/01 11:53:57 | 012,199,368 | ---- | M] (Microsoft Corporation) -- C:\Users\Tuna\Desktop\windows-kb890830-v3.11.exe

========== Files Created - No Company Name ==========

[2010/10/27 00:43:10 | 002,672,312 | ---- | C] () -- C:\Users\Tuna\Desktop\esetsmartinstaller_enu.exe
[2010/10/26 19:16:19 | 097,787,600 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/25 08:24:23 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/12 20:03:59 | 000,284,915 | ---- | C] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:53 | 000,544,768 | ---- | C] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/05 17:36:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 15:56:54 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/05 14:37:24 | 000,001,815 | ---- | C] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:11:34 | 000,031,232 | ---- | C] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc
[2010/09/12 02:21:09 | 000,002,838 | ---- | C] () -- C:\Users\Tuna\AppData\Local\ovokequwam.dll
[2010/09/12 01:26:40 | 000,000,120 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat
[2010/09/12 01:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Yrakitogolop.bin
[2010/08/23 18:25:56 | 000,000,778 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/14 10:18:56 | 000,000,214 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/31 12:13:14 | 000,031,744 | ---- | C] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 11:49:29 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/28 09:18:42 | 000,002,318 | ---- | C] () -- C:\Users\Tuna\AppData\Roaming\wklnhst.dat
[2009/12/05 00:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:57:12 | 000,001,561 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/26 18:42:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/15 00:35:10 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/15 00:35:10 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/15 00:35:08 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/15 00:35:08 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/15 00:35:08 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< :OTL >

< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> >

< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092 >

< FF - prefs.js..extensions.enabledItems: {0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}:1.9.1 >

< [2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml >
Invalid Switch: 21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml


< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

< O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found >

< [2010/09/12 02:21:09 | 000,002,838 | ---- | C] () -- C:\Users\Tuna\AppData\Local\ovokequwam.dll >
Invalid Switch: 12 02:21:09 | 000,002,838 | ---- | C] () -- C:\Users\Tuna\AppData\Local\ovokequwam.dll


< [2010/09/12 01:26:40 | 000,000,120 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat >
Invalid Switch: 12 01:26:40 | 000,000,120 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat


< [2010/09/12 01:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Yrakitogolop.bin >
Invalid Switch: 12 01:26:40 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\Yrakitogolop.bin


< :Files >

< C:\Users\Tuna\AppData\Local\{0417E3BB-E5F1-449D-BFB2-AB42B9A975C4} >

< :Commands >

< [EmptyTemp] >

< [EMPTYFLASH] >

< End of report >

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=19420122fb39b44a9394cc9ad9cd0f1f
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 08:15:39
# local_time=2010-10-27 01:15:39 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 293739 293739 0 0
# compatibility_mode=3073 16777213 80 92 1761668 5051208 0 0
# compatibility_mode=5893 16776574 100 94 0 39709046 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=53157
# found=0
# cleaned=0
# scan_time=1749
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=19420122fb39b44a9394cc9ad9cd0f1f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-28 07:33:10
# local_time=2010-10-28 12:33:10 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 374966 374966 0 0
# compatibility_mode=3073 16777213 80 92 1842895 5132435 0 0
# compatibility_mode=5893 16776574 100 94 0 39790273 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=148502
# found=1
# cleaned=1
# scan_time=4369
C:\Users\Tuna\AppData\Local\ovokequwam.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 28 October 2010 - 03:15 PM

Add I do use COMODO, but I was able to successfully install AVG

#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 29 October 2010 - 09:51 AM

Hi again CA119LL!!.. :)

Looks like you hit the Run Scan button... Please go back to my last post and perform the first step once again (a fix with OTL) - this time, after pasting the commands under the "Custom Scans/Fixes" window, click the red Run Fix button... :)

Add I do use COMODO, but I was able to successfully install AVG

Hmmm... Are both protection programs running their resident protection??.. As far as I can see, you have Comodo Internet Security installed - that's antivirus, anti-spyware and firewall... AVG includes an antivirus and antispyware... Two components of the same type should not run together in resident mode - that can cause conflicts and a system slowdown... I suggest you uninstall one of the protection programs (either AVG or Comodo) to avoid conflicts... Let me know if you need more information...

Use Start -> Control Panel -> Programs and Features...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 29 October 2010 - 01:00 PM

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}:1.9.1 removed from extensions.enabledItems
C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
File C:\Users\Tuna\AppData\Local\ovokequwam.dll not found.
C:\Users\Tuna\AppData\Local\Ixuvagimogoy.dat moved successfully.
C:\Users\Tuna\AppData\Local\Yrakitogolop.bin moved successfully.
========== FILES ==========
C:\Users\Tuna\AppData\Local\{0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}\chrome\content folder moved successfully.
C:\Users\Tuna\AppData\Local\{0417E3BB-E5F1-449D-BFB2-AB42B9A975C4}\chrome folder moved successfully.
C:\Users\Tuna\AppData\Local\{0417E3BB-E5F1-449D-BFB2-AB42B9A975C4} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tuna
->Temp folder emptied: 250222461 bytes
->Temporary Internet Files folder emptied: 69254603 bytes
->Java cache emptied: 98617202 bytes
->FireFox cache emptied: 50384316 bytes
->Google Chrome cache emptied: 7030911 bytes
->Flash cache emptied: 30699 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10890006 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 759469449 bytes

Total Files Cleaned = 1,188.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tuna
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10292010_104617

Files\Folders moved on Reboot...
C:\Users\Tuna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\urlclassifier3.sqlite moved successfully.
C:\Users\Tuna\AppData\Local\Mozilla\Firefox\Profiles\q10m4dwh.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Alright I'll do that asap

#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 29 October 2010 - 01:19 PM

Hi again CA119LL!!.. :)

That looks good - a malicious Add-on for Firefox has been removed... Does any problem persist??..

Alright I'll do that asap

Ok, afterwards:

Please run a fresh scan with OTL.exe - open the program and click Run Scan - only OTL.txt logfile will be generated, post the contents of that log in your reply...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 29 October 2010 - 02:19 PM

AVG will not uninstall through he control panel, i havent had any redirection yet though after about 10 links. Please keep this thread open for a few days in case it does reoccur though.

#11 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 29 October 2010 - 04:55 PM

Hi again CA119LL!!.. :)

AVG will not uninstall through he control panel,



Please download and run this tool: AVG Remover(64bit) 2011 - it should remove the whole program completely... It will reboot your machine...

i havent had any redirection yet though after about 10 links. Please keep this thread open for a few days in case it does reoccur though.

No problem... When I get a fresh OTL log, I'll ask you to update outdated programs on your machine...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#12 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 31 October 2010 - 07:57 PM

OTL logfile created on: 10/31/2010 5:39:50 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Tuna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 200.72 Gb Free Space | 70.12% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 596.02 Gb Total Space | 582.34 Gb Free Space | 97.70% Space Free | Partition Type: FAT32

Computer Name: PROCOMP | User Name: Tuna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 12:56:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 12:56:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/09/16 12:03:04 | 004,425,048 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/01 08:31:54 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010/08/13 13:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/01/28 19:22:16 | 003,427,160 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2009/12/24 15:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/08/27 13:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/20 17:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/13 17:11:26 | 003,319,808 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2009/04/13 14:28:30 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2007/06/20 14:04:21 | 000,722,272 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksCal.exe
PRC - [2007/06/20 14:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- c:\Program Files (x86)\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/02 11:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 15:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/08/20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 06:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/09 07:50:48 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/08/11 13:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 18:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/02 11:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 19:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 12:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 10:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv52_series&r=27361209t1b6l0390z1i5a48n1u253
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/23 18:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/26 12:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 12:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 12:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 12:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 12:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 12:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 12:56:11 | 000,000,000 | ---D | M]

[2009/12/05 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Extensions
[2010/10/31 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions
[2009/12/08 00:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\.BackupManager
[2010/06/14 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/06/15 12:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}-trash
[2010/04/06 18:44:01 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/12/08 00:54:34 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/17 15:36:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/07 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\personas@christopher.beard
[2010/09/26 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\extensions\youtube2mp3@mondayx.de
[2009/12/05 17:02:17 | 000,004,554 | ---- | M] () -- C:\Users\Tuna\AppData\Roaming\Mozilla\Firefox\Profiles\q10m4dwh.default\searchplugins\aim-search.xml
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/11 23:00:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/05 17:42:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/05 14:57:31 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Global Registration] C:\Program Files (x86)\Gateway\Registration\GREG.exe (Acer Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.219.17.200 129.219.17.5 129.219.13.81
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/10/28 09:49:48 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 10:46:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/27 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/26 12:36:00 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/26 12:36:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/26 12:36:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/26 12:36:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/26 12:36:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/26 12:36:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/26 12:36:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/26 12:35:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/25 17:48:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/25 08:41:19 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\AVG10
[2010/10/25 08:24:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/25 08:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/25 08:22:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/24 19:40:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/22 15:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/14 12:19:33 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 12:19:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 12:19:32 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 12:19:29 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 12:19:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 12:19:25 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 12:19:25 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 12:19:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 12:19:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 12:19:15 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 12:19:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 12:19:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 12:19:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 12:19:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 12:19:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 12:19:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 12:19:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 12:19:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 12:19:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 12:19:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 12:19:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 12:19:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 12:19:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 12:19:09 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 12:19:07 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 12:19:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 12:19:05 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 12:19:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Tuna\Desktop\gmer
[2010/10/06 15:03:56 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/05 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/05 17:42:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/05 17:42:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/05 17:42:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/05 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/05 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/10/05 17:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Local\Apps
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\Users\Tuna\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/05 14:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/05 14:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/05 14:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/05 14:36:32 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe

========== Files - Modified Within 30 Days ==========

[2010/10/31 17:07:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000UA.job
[2010/10/31 17:07:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 16:57:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 20:24:04 | 000,000,046 | ---- | M] () -- C:\Users\Tuna\jagex_runescape_preferences.dat
[2010/10/30 20:23:06 | 000,000,099 | ---- | M] () -- C:\Users\Tuna\jagex_runescape_preferences2.dat
[2010/10/30 19:20:19 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127231983-3359346533-1165609791-1000Core.job
[2010/10/30 12:51:37 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 12:51:37 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 12:45:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 12:55:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/10/29 12:54:49 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 18:24:58 | 097,961,613 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/28 16:26:30 | 000,000,000 | ---- | M] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/27 00:43:13 | 002,672,312 | ---- | M] () -- C:\Users\Tuna\Desktop\esetsmartinstaller_enu.exe
[2010/10/25 08:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/25 08:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/24 19:40:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tuna\Desktop\OTL.exe
[2010/10/17 03:37:53 | 000,031,744 | ---- | M] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/16 12:30:59 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/15 10:48:28 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/15 10:48:28 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/15 10:48:28 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 20:04:00 | 000,284,915 | ---- | M] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:54 | 000,544,768 | ---- | M] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/06 15:03:57 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tuna\Desktop\tdsskiller.exe
[2010/10/05 17:36:49 | 000,001,974 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/05 17:36:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 17:14:26 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/05 17:14:21 | 000,001,948 | ---- | M] () -- C:\Users\Tuna\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/05 14:37:24 | 000,001,815 | ---- | M] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:36:51 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tuna\Desktop\SUPERAntiSpyware.exe
[2010/10/05 14:11:35 | 000,031,232 | ---- | M] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc

========== Files Created - No Company Name ==========

[2010/10/28 18:24:58 | 097,961,613 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/27 00:43:10 | 002,672,312 | ---- | C] () -- C:\Users\Tuna\Desktop\esetsmartinstaller_enu.exe
[2010/10/12 20:03:59 | 000,284,915 | ---- | C] () -- C:\Users\Tuna\Desktop\gmer.zip
[2010/10/12 19:57:53 | 000,544,768 | ---- | C] () -- C:\Users\Tuna\Desktop\dds.scr
[2010/10/05 17:36:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 15:56:54 | 000,000,000 | ---- | C] () -- C:\Users\Tuna\AppData\Local\prvlcl.dat
[2010/10/05 14:37:24 | 000,001,815 | ---- | C] () -- C:\Users\Tuna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/05 14:11:34 | 000,031,232 | ---- | C] () -- C:\Users\Tuna\Desktop\114 Prelab Activity - Should We Mine this Ore_when color lab is not done-1.doc
[2010/08/23 18:25:56 | 000,000,778 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/14 10:18:56 | 000,000,214 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/31 12:13:14 | 000,031,744 | ---- | C] () -- C:\Users\Tuna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 11:49:29 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/28 09:18:42 | 000,002,318 | ---- | C] () -- C:\Users\Tuna\AppData\Roaming\wklnhst.dat
[2009/12/05 00:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:57:12 | 000,001,561 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/26 18:42:04 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/15 00:35:10 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/15 00:35:10 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/15 00:35:08 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/15 00:35:08 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/15 00:35:08 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 13:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/29 12:54:49 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 17:14:26 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/29 12:54:50 | 4024,811,520 | -HS- | M] () -- C:\pagefile.sys
[2009/09/25 06:53:28 | 000,005,212 | RHS- | M] () -- C:\Patch.rev
[2009/12/04 08:25:02 | 000,000,201 | RHS- | M] () -- C:\Preload.rev
[2010/09/12 02:39:13 | 000,000,375 | ---- | M] () -- C:\rkill.log
[2010/10/06 15:05:15 | 000,065,288 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_06.10.2010_15.04.10_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#13 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:53 AM

Posted 01 November 2010 - 02:49 PM

Hi again CA119LL!!.. :)

Your OTL logfile looks clean...

Looks like you were not able to remove AVG??.. Is that right??.
Please use instructions from this site to remove AVG: AVG 2011 + 9.0+8.x Uninstall / Re-Install Instructions - let me know if it worked for you...

We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - 9.4.0

- Java

Close any open browsers/windows/programs...
Double-click on the file in bold: C:\Program files (x86)\Java\jre6\bin\javacpl.exe --> Open tab: Update --> click Update now

Let me know if it updates Java for you (to the latest version: u22)...

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger.
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 01 November 2010 - 07:06 PM

I haven't had any recurrences of redirecting yet :) Hopefully it stays that way, I will run these updates as soon as possible, most likely tomorrow, thank you so much for all your help. I'll get back to you ASAP.

#15 CA119LL

CA119LL
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 05 November 2010 - 02:59 PM

I just successfully completed all of the fixes that you have listed here. However, I believe that I may have experienced a redirection. Is it possible for links on google searches to automatically redirect you to more than one website? (Not being due to spyware) If so, what else should I do?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users