Win32/Patched manual removal


  • This topic is locked
41 replies to this topic

#1 FishyUK

Posted 25 May 2011 - 09:17 AM

Hi folks,

So AVG's been telling me I'm infected with Win32/Patched for a while now, but I hadn't got round to doing anything about it... Then last week my laptop (Windows Vista) started taking forever to start up, and freezing within a few minutes so I'd have to re-boot it. I managed to start it in Safe Mode and download MalwareBytes fine, but then every time I try and run a scan (even in safe mode), it gets about 3/4 mins in and freezes, having found up to 9 infected items. So I'm guessing I'm probably infected with some other nasties as well :(

Anyways, I've found it works more or less fine in safe mode otherwise, and can complete short manual scans of a handful of selected files at a time: I've actually managed to remove a couple of infected objects this way just by guesswork. But the thing is, it would take me forEVER to do the whole computer that way, especially as it does still freeze now and then and needs re-booting, so does anyone know which files I should be scanning to cover any infections?

Cheers guys!

xxx

#2 fireman4it

Posted 25 May 2011 - 09:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


#3 fireman4it

Posted 26 May 2011 - 12:42 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#4 FishyUK

Posted 27 May 2011 - 03:58 AM

Hi,

Thanks so much for taking the time to help me out! Been a bit busy and not anywhere near my laptop for a couple of days, but hopefully I'll get a chance to tackle it tonight or tomorrow morning...

Cheers! x

#5 FishyUK

Posted 28 May 2011 - 09:27 AM

Hello again,

Couldn't manage to run a DDS scan - managed to save it to my desktop ok, but the black instruction screen would come up for 2 secs max (sometimes just a flash), then nothing else would happen. Tried with both links, nothing works.

Managed to do a GMER scan though, log is attached.

Thanks again! x

Attached Files

  • Attached File  ark.txt   7.76KB   8 downloads


#6 fireman4it

Posted 28 May 2011 - 12:12 PM

Hello,

We can skip DDS now. Run the following scanners.

1.
    1. Please download OTL from one of the following mirrors:
      • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

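The /md5start ... /md5stop lines in the custom scan above ask OTL to report an MD5 for each named system file, which is how a patched driver or DLL (the "Win32/Patched" detection) gets spotted. The idea as an added example, not part of the original post and not OTL's code; the WATCHED subset, the function names and the temporary sample tree are constructed for illustration:

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A subset of the file names from the /md5start ... /md5stop list in the post
# above, lowercased because Windows file names are case-insensitive.
WATCHED = {
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "iastor.sys", "nvstor.sys", "atapi.sys", "volsnap.sys",
}


def md5_of(path, chunk_size=1 << 20):
    """Return the upper-case hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def find_copies(root, names=WATCHED):
    """Walk root and collect every copy of each watched file name.

    Returns {name: [(path, size, md5_or_error), ...]}. Unreadable files stay
    in the result with an "ERROR: ..." marker instead of being skipped,
    because a system file that cannot be read deserves a look of its own.
    """
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            key = filename.lower()
            if key not in names:
                continue
            path = os.path.join(folder, filename)
            try:
                entry = (path, os.path.getsize(path), md5_of(path))
            except OSError as exc:
                entry = (path, -1, "ERROR: " + exc.__class__.__name__)
            found[key].append(entry)
    return dict(found)


def mismatched(copies):
    """Return the sorted names whose copies do not all share one hash."""
    return sorted(
        name for name, entries in copies.items()
        if len({digest for _path, _size, digest in entries}) > 1
    )


def build_sample_tree(root):
    """Constructed sample data: a tiny stand-in for a Windows directory."""
    layout = {
        "System32/drivers/atapi.sys": b"atapi-original",
        "winsxs/x86_atapi/atapi.sys": b"atapi-original",
        "System32/drivers/volsnap.sys": b"volsnap-original+extra",
        "winsxs/x86_volsnap/volsnap.sys": b"volsnap-original",
        "System32/notepad.exe": b"not on the watch list",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def demo():
    """Hash the sample tree; return (names that disagree, copies per name)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        copies = find_copies(root)
        for name in sorted(copies):
            print(name)
            for path, size, digest in copies[name]:
                rel = os.path.relpath(path, root)
                print("  %s  %6d bytes  %s" % (digest, size, rel))
        return mismatched(copies), {n: len(e) for n, e in copies.items()}


if __name__ == "__main__":
    suspects, _counts = demo()
    print("Copies disagree for:", suspects)
```

Copies with differing hashes are a lead rather than a verdict, since Windows updates legitimately leave older versions under winsxs; compare against a known-good copy of the same file version. Hashing the disk from another, clean system is more reliable, because a rootkit on the running machine can filter what a scanner reads.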


#7 FishyUK

Posted 30 May 2011 - 06:45 AM

Here are the results of the OTL scan:

OTL.txt:

OTL logfile created on: 30/05/2011 12:35:42 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sophie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.78% Memory free
5.94 Gb Paging File | 5.34 Gb Available in Paging File | 89.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 101.27 Gb Free Space | 45.35% Space Free | Partition Type: NTFS

Computer Name: MINDY | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 12:34:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 12:34:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/06 03:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/11/06 01:53:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/10/21 19:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 19:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 19:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 11:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Stopped] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/12 04:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/08 18:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 18:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 18:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/05 19:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/12 08:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 08:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/05/20 10:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 10:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 10:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 02:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/28 14:07:16 | 000,100,736 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\fxldypob.sys -- (fxldypob)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2008/10/07 02:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/03 01:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/23 00:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/22 01:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/10 01:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/24 23:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 03:23:26 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/21 03:23:20 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.3.79.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{FA11EAEF-3266-4202-A954-552AB30E1532}: C:\Users\Sophie\AppData\Local\{FA11EAEF-3266-4202-A954-552AB30E1532} [2010/10/19 07:21:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/05/16 18:34:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search USA Toolbar) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search USA Toolbar) - {48405D3D-2674-4CD8-B1EF-9A719443BD3F} - C:\Program Files\Search_USA\tbSear.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Sophie\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [58299336] File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [terrapoint700x0main.exe] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Sophie\AppData\Roaming\hotfix.exe) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5a010f4a-3db8-11de-b849-001dbaaf52b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
O33 - MountPoints2\{5a010f6f-3db8-11de-b849-001dbaaf52b0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 12:34:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2011/05/28 14:07:16 | 000,100,736 | ---- | C] (GMER) -- C:\fxldypob.sys
[2011/05/28 14:05:21 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\gmer
[2011/05/28 13:56:35 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Sophie\Desktop\dds.pif
[2011/05/28 13:56:02 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Sophie\Desktop\dds.scr
[2011/05/21 14:30:04 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/05/16 19:12:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes
[2011/05/16 19:11:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/16 19:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 19:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/16 19:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/16 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Malwarebytes' Anti-Malware
[2011/05/11 09:23:29 | 000,000,000 | -HSD | C] -- C:\found.000
[3 C:\Users\Sophie\Documents\*.tmp files -> C:\Users\Sophie\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 12:34:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2011/05/28 17:23:01 | 000,002,708 | ---- | M] () -- C:\Users\Sophie\AppData\Local\d3d9caps.dat
[2011/05/28 14:07:16 | 000,100,736 | ---- | M] (GMER) -- C:\fxldypob.sys
[2011/05/28 14:04:49 | 000,293,775 | ---- | M] () -- C:\Users\Sophie\Desktop\gmer.zip
[2011/05/28 13:56:37 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Sophie\Desktop\dds.pif
[2011/05/28 13:51:31 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Sophie\Desktop\dds.scr
[2011/05/28 13:49:20 | 000,658,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/28 13:49:20 | 000,128,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/28 13:44:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/28 13:19:21 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/05/28 13:18:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 13:18:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 14:34:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 19:24:21 | 202,226,369 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/16 19:11:23 | 000,000,702 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 18:51:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 18:43:37 | 115,162,303 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[3 C:\Users\Sophie\Documents\*.tmp files -> C:\Users\Sophie\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 14:04:48 | 000,293,775 | ---- | C] () -- C:\Users\Sophie\Desktop\gmer.zip
[2011/05/16 19:11:23 | 000,000,702 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 11:54:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/10/19 07:24:53 | 000,000,010 | ---- | C] () -- C:\Users\Sophie\AppData\Roaming\install
[2010/10/19 07:21:38 | 000,000,120 | ---- | C] () -- C:\Users\Sophie\AppData\Local\Vganeturetozunes.dat
[2010/10/19 07:21:38 | 000,000,000 | ---- | C] () -- C:\Users\Sophie\AppData\Local\Fkehewisucejalaf.bin
[2010/10/19 03:02:47 | 000,000,181 | ---- | C] () -- C:\Users\Sophie\AppData\Roaming\33798.bat
[2010/10/19 03:02:47 | 000,000,181 | ---- | C] () -- C:\Users\Sophie\AppData\Roaming\17712.bat
[2009/09/17 10:27:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 10:27:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/20 14:54:25 | 000,030,208 | ---- | C] () -- C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/10 20:48:33 | 000,002,708 | ---- | C] () -- C:\Users\Sophie\AppData\Local\d3d9caps.dat
[2008/11/27 23:09:34 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/22 19:39:23 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/22 19:39:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/22 19:39:22 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/22 19:39:22 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/10/22 19:38:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/22 19:38:30 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/22 19:38:29 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/22 19:38:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/22 19:38:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/10/22 19:31:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/22 19:02:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,395,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,658,392 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,128,892 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/10/23 12:55:59 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\301E9E8D40C6CA055E006E87E84D395E
[2010/10/23 11:59:46 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\AVG10
[2010/11/07 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Azureus
[2009/10/10 10:29:12 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/09 23:37:43 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\HTC
[2011/02/09 23:38:19 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/06/11 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\InterVideo
[2011/04/27 03:24:47 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Spotify
[2009/05/16 03:43:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WeatherDPA
[2009/05/16 03:42:55 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Zango
[2011/05/21 16:29:19 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008/04/22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008/04/22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 03:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 03:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< %systemroot%\*. /mp /s >

< End of report >




Extras.Txt:

OTL Extras logfile created on: 30/05/2011 12:35:42 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sophie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.78% Memory free
5.94 Gb Paging File | 5.34 Gb Available in Paging File | 89.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 101.27 Gb Free Space | 45.35% Space Free | Partition Type: NTFS

Computer Name: MINDY | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13EB5A44-7360-4546-BDA2-D1EC98B6AE69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AD7DF4B-BCE3-4E84-8766-679068FC3347}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27BBD4F9-6301-45CC-AA68-3F895D003907}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2ED8E3BB-3832-465A-94C5-D89ADC65E32B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41BF7D5E-1C41-4B00-B2B1-07C626C2052B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B468452-AA1D-46CF-B4C9-7DB5AE86221E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A51C6C7D-CC62-48D1-ACC2-1AC353C3CD51}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B4C9E55A-EB50-47D2-859A-5955CABE0493}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B9F0DDA8-D10B-4563-BADE-EB1FA13A632A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB015AB3-6B26-4F64-BCFE-0F7636E04CBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4C7F307-A7AB-4883-A1E8-2E10A369A224}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF8097-E73E-4C24-8E9C-6D9713579FF9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0500DDAE-4E8A-4E5F-94ED-02C2A4C841C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08A7E58A-8923-44E5-B0A4-A7A35CC4ED8B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11464475-94F6-48DA-AE98-C33FBED1B205}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{152D8BEA-9BBD-4085-BC18-9D1055055EFF}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{157B1F52-55EA-44BC-8202-94C8BF0131EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1BF98D5F-863A-4ADD-BE0A-18205D1496C4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2183D6E9-DAAF-49DF-B0D2-8712708592BE}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{39411367-5D3A-43AF-AF34-39F89AAFBE23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AE7F5AF-5382-45EA-A69C-B646F1CDC7E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{4C839910-802D-40AF-991B-1196D72A1765}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56808B82-51CC-47AF-A2DA-528C6ED8D4C9}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{64009A23-9DC4-459D-9333-80EBBCB90E5B}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{65CEA48A-A3DD-429E-BE2A-CC4A3E7281AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8153045B-68CC-461B-9BA9-9C1574699277}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{861E52EC-A033-403F-8349-3232F88E299F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B21E6A5-1583-44BC-8469-604D0E5D54A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96D3AE67-689A-42F2-873D-8580922FB2B1}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{98FC983D-6393-4F09-999A-5871B67A097D}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A28FA253-FDF5-4AD1-A978-672D93006F88}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{A6B3F635-FF42-4579-B133-34596DC322BE}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{B05B8DB5-E418-40CF-8A29-C92279747927}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B25BE395-9C0B-432D-9910-D900228586D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{B66E38CD-88E5-44F0-BB2A-63DF5BE9ABCC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D019A4ED-B708-4F33-934C-71EBFCB0A886}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D8060FEA-52E9-40DD-B2FF-ECEA2213785B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DBC0C7E7-629D-4D82-BE98-5A4C45A97EB6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E338BABF-14A7-4556-9C9A-D84648F86060}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EBD32EF9-1E76-4904-B243-C084477AFAFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB78595D-A531-4F6F-A83E-4F11FD9CAE7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{6FBA43B3-1F4D-4A8D-A797-57613212CB1A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{A3A4FD36-E170-4A46-9FC4-992167D1AFC6}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{31E78734-3F30-433B-AA53-CE1B930DA08C}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{974C9E0D-F467-48E7-8241-0E2A9DDE292C}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dt icon module" =
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"Search_USA Toolbar" = Search_USA Toolbar
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" =
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/05/2011 11:34:09 | Computer Name = Mindy | Source = WinMgmt | ID = 10
Description =

Error - 28/05/2011 08:19:21 | Computer Name = Mindy | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 28/05/2011 08:20:01 | Computer Name = Mindy | Source = WinMgmt | ID = 10
Description =

Error - 28/05/2011 08:30:06 | Computer Name = Mindy | Source = EventSystem | ID = 4609
Description =

Error - 28/05/2011 08:30:37 | Computer Name = Mindy | Source = WinMgmt | ID = 10
Description =

Error - 28/05/2011 08:45:40 | Computer Name = Mindy | Source = EventSystem | ID = 4609
Description =

Error - 28/05/2011 08:46:02 | Computer Name = Mindy | Source = WinMgmt | ID = 10
Description =

Error - 28/05/2011 09:12:26 | Computer Name = Mindy | Source = Perflib | ID = 1008
Description =

Error - 28/05/2011 09:12:26 | Computer Name = Mindy | Source = Perflib | ID = 1010
Description =

Error - 30/05/2011 07:36:16 | Computer Name = Mindy | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 14/03/2010 08:00:33 | Computer Name = Mindy | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96071
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/05/2011 08:40:55 | Computer Name = Mindy | Source = Service Control Manager | ID = 7001
Description =

Error - 28/05/2011 08:41:39 | Computer Name = Mindy | Source = Service Control Manager | ID = 7001
Description =

Error - 28/05/2011 08:44:59 | Computer Name = Mindy | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:43:48 on 28/05/2011 was unexpected.

Error - 28/05/2011 08:45:23 | Computer Name = Mindy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 28/05/2011 08:45:31 | Computer Name = Mindy | Source = DCOM | ID = 10005
Description =

Error - 28/05/2011 08:45:40 | Computer Name = Mindy | Source = DCOM | ID = 10005
Description =

Error - 28/05/2011 08:45:49 | Computer Name = Mindy | Source = DCOM | ID = 10005
Description =

Error - 28/05/2011 08:46:02 | Computer Name = Mindy | Source = Service Control Manager | ID = 7001
Description =

Error - 28/05/2011 08:46:02 | Computer Name = Mindy | Source = Service Control Manager | ID = 7026
Description =

Error - 29/05/2011 08:45:57 | Computer Name = Mindy | Source = DCOM | ID = 10005
Description =


< End of report >



I'll go do the aswMBR scan right away. Cheers again! x

#8 FishyUK


Posted 30 May 2011 - 06:51 AM

Here are the aswMBR scan results:

rsion 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 12:48:50
-----------------------------
12:48:50.255 OS Version: Windows 6.0.6002 Service Pack 2
12:48:50.255 Number of processors: 2 586 0xF0D
12:48:50.255 ComputerName: MINDY UserName:
12:48:51.051 Initialize success
12:48:54.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:48:54.483 Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3
12:48:54.498 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
12:48:54.498 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
12:48:54.514 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006a
12:48:54.514 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
12:48:54.561 Disk 0 MBR read successfully
12:48:54.576 Disk 0 MBR scan
12:48:54.576 Disk 0 unknown MBR code
12:48:54.608 Disk 0 scanning sectors +488395120
12:48:54.795 Disk 0 scanning C:\Windows\system32\drivers
12:49:01.222 Service scanning
12:49:02.470 Disk 0 trace - called modules:
12:49:02.501 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:49:02.501 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860be948]
12:49:02.517 3 CLASSPNP.SYS[8a5ac8b3] -> nt!IofCallDriver -> [0x8562f338]
12:49:02.517 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85648028]
12:49:14.498 Unsigned kernel modules:
12:49:14.498 0x8dc9b000 C:\Users\Sophie\AppData\Local\Temp\fxldypob.sys
12:49:14.732 Scan finished successfully
12:49:56.524 Disk 0 MBR has been saved successfully to "C:\Users\Sophie\Desktop\MBR.dat"
12:49:56.540 The log file has been saved successfully to "C:\Users\Sophie\Desktop\aswMBR.txt"
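
A triage pass over the aswMBR log above, as an added example that is not part of the original post and not aswMBR's own code: it pulls out the two entries a reviewer would check first, the unrecognised MBR code and the unsigned kernel module. The function names, the `Finding` type and the path heuristics are assumptions made for this example; the sample lines are excerpted from the log in the post.

```python
import re
from dataclasses import dataclass

# Excerpt of the aswMBR log posted above (timestamps and paths as in the post).
SAMPLE_LOG = r"""
12:48:54.561 Disk 0 MBR read successfully
12:48:54.576 Disk 0 MBR scan
12:48:54.576 Disk 0 unknown MBR code
12:49:01.222 Service scanning
12:49:14.498 Unsigned kernel modules:
12:49:14.498 0x8dc9b000 C:\Users\Sophie\AppData\Local\Temp\fxldypob.sys
12:49:14.732 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
MODULE_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S.*)$")
MBR_RE = re.compile(r"^Disk (\d+) unknown MBR code$")

# Assumption for this example: kernel drivers normally load from this directory.
DRIVER_DIR = "\\windows\\system32\\drivers\\"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    timestamp: str
    kind: str        # "mbr" or "unsigned_module"
    detail: str      # disk label or module path
    reasons: tuple   # why the entry deserves a closer look
    base: int = 0    # load address for modules, 0 otherwise


def path_reasons(path):
    """Return the reasons a kernel module path is unusual (empty if none)."""
    low = path.lower()
    reasons = []
    if DRIVER_DIR not in low:
        reasons.append("outside system32\\drivers")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("loaded from a Temp directory")
    elif "\\users\\" in low:
        reasons.append("loaded from a user profile")
    return tuple(reasons)


def triage(log_text):
    """Collect unknown-MBR lines and the entries listed under
    'Unsigned kernel modules:' from an aswMBR-style log."""
    findings = []
    in_modules = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            in_modules = False          # blank or malformed line ends the list
            continue
        ts, msg = m.groups()
        if msg == "Unsigned kernel modules:":
            in_modules = True
            continue
        mod = MODULE_RE.match(msg) if in_modules else None
        if mod:
            path = mod.group(2)
            findings.append(Finding(ts, "unsigned_module", path,
                                    path_reasons(path), int(mod.group(1), 16)))
            continue
        in_modules = False              # any other message ends the list
        mbr = MBR_RE.match(msg)
        if mbr:
            findings.append(Finding(ts, "mbr", "Disk " + mbr.group(1),
                                    ("MBR code not recognised by the scanner",)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.timestamp, f.kind, f.detail, "; ".join(f.reasons))
```

A hit is a lead for review rather than a verdict: anti-rootkit scanners can load a temporary driver of their own while they run, so the module has to be identified before it is treated as malicious.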

#9 fireman4it


Posted 30 May 2011 - 09:50 AM

Hello FishyUK,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply::
TDSSKILLER log
Combofix.txt
Are you able to burn CDs and have access to a USB Flash Drive?

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 FishyUK


Posted 30 May 2011 - 12:40 PM

Hi again,

The TDSS Rootkit Removing Tool scan came up clean.

I tried disabling AVG in normal mode, but it would only do it for 15 mins max, and when I tried to run ComboFix it still came up with an AVG warning message. Would it be best to just uninstall AVG and then re-install it afterwards? If so, is there a way I can do this in safe mode? Still keeps freezing most of the time in normal mode.

Thanks! x

#11 fireman4it


Posted 30 May 2011 - 03:01 PM

Hello,

We will run ComboFix in Safe Mode. Ignore any warnings about AVG.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.


Run Combofix by doing the following::

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes6DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll

SECCENTER::
AVG Anti-Virus Free


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#12 FishyUK


Posted 03 June 2011 - 04:41 PM

Hello again,

Sorry it took me so long to get back to you! Ran ComboFix last night - didn't really pay attention to what it was doing but it came up saying "logging off", and was still like that when I went to bed so I just left it on overnight. Still said that in the morning so just switched it off.

Turned it back on this evening and it automatically started preparing the log, but it froze near the end so not sure if it's complete.

Anyways, think this is what you asked for:

ComboFix 11-05-29.04 - Sophie 02/06/2011 22:04:37.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.2368 [GMT 1:00]
Running from: C:\Users\Sophie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Sophie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"C:\ProgramData\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"C:\Users\Public\Desktop\AVG 2011.lnk"
"C:\Users\Public\Desktop\AVG Free 9.0.lnk"
"C:\Windows\system32\avgrsstx.dll"
"C:\Windows\system32\drivers\AVGIDSDriver.sys"
"C:\Windows\system32\drivers\AVGIDSEH.sys"
"C:\Windows\system32\drivers\AVGIDSFilter.sys"
"C:\Windows\system32\drivers\AVGIDSShim.sys"
"C:\Windows\system32\drivers\avgldx86.sys"
"C:\Windows\system32\drivers\avgmfx86.sys"
"C:\Windows\system32\drivers\avgrkx86.sys"
"C:\Windows\system32\drivers\avgtdix.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\$AVG
C:\$AVG\$CHJW\40988ab7-547f-4e00-9b84-4c5b2a3b3b95
C:\$AVG\$CHJW\a6866248-565b-40b8-bcc7-cdfbe633d05d
C:\$AVG\$VAULT\V_00000030.fil
C:\$AVG\$VAULT\vvfolder.idx
C:\Program Files\AVG
C:\Program Files\AVG\AVG10\avgfree_zh.mht
C:\Program Files\AVG\AVG10\avgfree_zt.mht
C:\Program Files\AVG\AVG10\Firefox4\Chrome\searchshield.jar
C:\Program Files\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt
C:\Program Files\AVG\AVG10\Firefox4\install.rdf
C:\Program Files\AVG\AVG10\Notification\AVGTBUpgrade2.exe
C:\Program Files\AVG\AVG9\Chjw\96cef9bbcef993a9\avgcchfi.dat
C:\Program Files\AVG\AVG9\Chjw\96cef9bbcef993a9\avgcchmi.dat
C:\Program Files\AVG\AVG9\Chjw\e268cd2668ccfa75\avgcchfi.dat
C:\Program Files\AVG\AVG9\Chjw\e268cd2668ccfa75\avgcchmi.dat
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\ProgramData\AVG10
C:\ProgramData\AVG10\Cfg\admin.cfg
C:\ProgramData\AVG10\Cfg\changecfgreg.cfg
C:\ProgramData\AVG10\Cfg\csl.cfg
C:\ProgramData\AVG10\Cfg\dav.cfg
C:\ProgramData\AVG10\Cfg\emssrv.cfg
C:\ProgramData\AVG10\Cfg\erd.cfg
C:\ProgramData\AVG10\Cfg\idp.cfg
C:\ProgramData\AVG10\Cfg\krnl.cfg
C:\ProgramData\AVG10\Cfg\mail.cfg
C:\ProgramData\AVG10\Cfg\mailsrv.cfg
C:\ProgramData\AVG10\Cfg\mailsrvvsapi.cfg
C:\ProgramData\AVG10\Cfg\malrep.cfg
C:\ProgramData\AVG10\Cfg\scan.cfg
C:\ProgramData\AVG10\Cfg\sched.cfg
C:\ProgramData\AVG10\Cfg\setup.cfg
C:\ProgramData\AVG10\Cfg\spsrv.cfg
C:\ProgramData\AVG10\Cfg\update.cfg
C:\ProgramData\AVG10\Cfg\updatecomps.cfg
C:\ProgramData\AVG10\Cfg\user.cfg
C:\ProgramData\AVG10\cfgall\falsealarm.cfg
C:\ProgramData\AVG10\cfgall\krnlall.cfg
C:\ProgramData\AVG10\cfgall\srmall.cfg
C:\ProgramData\AVG10\cfgall\updateall.cfg
C:\ProgramData\AVG10\cfgall\userall.cfg
C:\ProgramData\AVG10\Chjw\96cef9bbcef993a9\avgcchff.dat
C:\ProgramData\AVG10\Chjw\96cef9bbcef993a9\avgcchfi.dat
C:\ProgramData\AVG10\Chjw\96cef9bbcef993a9\avgcchmf.dat
C:\ProgramData\AVG10\Chjw\96cef9bbcef993a9\avgcchmi.dat
C:\ProgramData\AVG10\Chjw\e268cd2668ccfa75\avgcchff.dat
C:\ProgramData\AVG10\Chjw\e268cd2668ccfa75\avgcchmf.dat
C:\ProgramData\AVG10\Dumps\avgscanx.exe_129495801131241242.exh
C:\ProgramData\AVG10\Dumps\avgscanx.exe_129495801131241242_F.dmp
C:\ProgramData\AVG10\Dumps\avgscanx.exe_129495801131241242_M.dmp
C:\ProgramData\AVG10\log\avgcfg.log
C:\ProgramData\AVG10\log\avgcfg.log.lock
C:\ProgramData\AVG10\log\avgcfgex.log
C:\ProgramData\AVG10\log\avgcfgex.log.lock
C:\ProgramData\AVG10\log\avgchjw.log
C:\ProgramData\AVG10\log\avgchjw.log.1
C:\ProgramData\AVG10\log\avgchjw.log.10
C:\ProgramData\AVG10\log\avgchjw.log.2
C:\ProgramData\AVG10\log\avgchjw.log.3
C:\ProgramData\AVG10\log\avgchjw.log.4
C:\ProgramData\AVG10\log\avgchjw.log.5
C:\ProgramData\AVG10\log\avgchjw.log.6
C:\ProgramData\AVG10\log\avgchjw.log.7
C:\ProgramData\AVG10\log\avgchjw.log.8
C:\ProgramData\AVG10\log\avgchjw.log.9
C:\ProgramData\AVG10\log\avgchjw.log.lock
C:\ProgramData\AVG10\log\avgchjwsrv.log
C:\ProgramData\AVG10\log\avgchjwsrv.log.1
C:\ProgramData\AVG10\log\avgchjwsrv.log.2
C:\ProgramData\AVG10\log\avgchjwsrv.log.3
C:\ProgramData\AVG10\log\avgchjwsrv.log.4
C:\ProgramData\AVG10\log\avgchjwsrv.log.5
C:\ProgramData\AVG10\log\avgchjwsrv.log.6
C:\ProgramData\AVG10\log\avgchjwsrv.log.lock
C:\ProgramData\AVG10\log\avgcore.log
C:\ProgramData\AVG10\log\avgcore.log.1
C:\ProgramData\AVG10\log\avgcore.log.10
C:\ProgramData\AVG10\log\avgcore.log.2
C:\ProgramData\AVG10\log\avgcore.log.3
C:\ProgramData\AVG10\log\avgcore.log.4
C:\ProgramData\AVG10\log\avgcore.log.5
C:\ProgramData\AVG10\log\avgcore.log.6
C:\ProgramData\AVG10\log\avgcore.log.7
C:\ProgramData\AVG10\log\avgcore.log.8
C:\ProgramData\AVG10\log\avgcore.log.9
C:\ProgramData\AVG10\log\avgcore.log.lock
C:\ProgramData\AVG10\log\avgcsl.log
C:\ProgramData\AVG10\log\avgcsl.log.1
C:\ProgramData\AVG10\log\avgcsl.log.2
C:\ProgramData\AVG10\log\avgcsl.log.lock
C:\ProgramData\AVG10\log\avgdiagex.log
C:\ProgramData\AVG10\log\avgdiagex.log.lock
C:\ProgramData\AVG10\log\avgemc.log
C:\ProgramData\AVG10\log\avgemc.log.lock
C:\ProgramData\AVG10\log\avgexc.log
C:\ProgramData\AVG10\log\avgexc.log.lock
C:\ProgramData\AVG10\log\avgldr.log
C:\ProgramData\AVG10\log\avgldr.log.lock
C:\ProgramData\AVG10\log\avglng.log
C:\ProgramData\AVG10\log\avglng.log.lock
C:\ProgramData\AVG10\log\avgns.log
C:\ProgramData\AVG10\log\avgns.log.1
C:\ProgramData\AVG10\log\avgns.log.2
C:\ProgramData\AVG10\log\avgns.log.lock
C:\ProgramData\AVG10\log\avgpostinst.log
C:\ProgramData\AVG10\log\avgpostinst.log.lock
C:\ProgramData\AVG10\log\avgrs.log
C:\ProgramData\AVG10\log\avgrs.log.1
C:\ProgramData\AVG10\log\avgrs.log.10
C:\ProgramData\AVG10\log\avgrs.log.2
C:\ProgramData\AVG10\log\avgrs.log.3
C:\ProgramData\AVG10\log\avgrs.log.4
C:\ProgramData\AVG10\log\avgrs.log.5
C:\ProgramData\AVG10\log\avgrs.log.6
C:\ProgramData\AVG10\log\avgrs.log.7
C:\ProgramData\AVG10\log\avgrs.log.8
C:\ProgramData\AVG10\log\avgrs.log.9
C:\ProgramData\AVG10\log\avgrs.log.lock
C:\ProgramData\AVG10\log\avgscan.log
C:\ProgramData\AVG10\log\avgscan.log.1
C:\ProgramData\AVG10\log\avgscan.log.2
C:\ProgramData\AVG10\log\avgscan.log.lock
C:\ProgramData\AVG10\log\avgsched.log
C:\ProgramData\AVG10\log\avgsched.log.1
C:\ProgramData\AVG10\log\avgsched.log.10
C:\ProgramData\AVG10\log\avgsched.log.2
C:\ProgramData\AVG10\log\avgsched.log.3
C:\ProgramData\AVG10\log\avgsched.log.4
C:\ProgramData\AVG10\log\avgsched.log.5
C:\ProgramData\AVG10\log\avgsched.log.6
C:\ProgramData\AVG10\log\avgsched.log.7
C:\ProgramData\AVG10\log\avgsched.log.8
C:\ProgramData\AVG10\log\avgsched.log.9

Infected copy of C:\Windows\explorer.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

Infected copy of C:\Windows\explorer.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_Avg


((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))


2011-06-02 21:00:24 . 2011-06-02 21:00:51 -------- d-----w- C:\32788R22FWJFW
2011-05-28 13:07:16 . 2011-05-28 13:07:16 100736 ----a-w- C:\fxldypob.sys
2011-05-21 13:30:04 . 2011-05-21 13:30:04 -------- d-----w- C:\found.001
2011-05-16 18:12:00 . 2011-05-16 18:12:00 -------- d-----w- C:\Users\Sophie\AppData\Roaming\Malwarebytes
2011-05-16 18:11:23 . 2010-12-20 17:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-05-16 18:11:22 . 2011-05-16 18:11:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-16 18:11:19 . 2010-12-20 17:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-11 08:23:29 . 2011-05-11 08:23:29 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "C:\Program Files\Search_USA\tbSear.dll" [2009-05-20 21:05:00 2085400]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\tbVuze.dll" [2010-05-20 14:35:42 2675296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-05-20 21:05:00 2085400 ----a-w- C:\Program Files\Search_USA\tbSear.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 14:35:42 2675296 ----a-w- C:\Program Files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "C:\Program Files\Search_USA\tbSear.dll" [2009-05-20 21:05:00 2085400]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files\Vuze_Remote\tbVuze.dll" [2010-05-20 14:35:42 2675296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "C:\Program Files\Search_USA\tbSear.dll" [2009-05-20 21:05:00 2085400]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "C:\Program Files\Vuze_Remote\tbVuze.dll" [2010-05-20 14:35:42 2675296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 06:28:23 2153472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 21:38:55 39408]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2008-11-06 00:53:56 270336]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 16:44:34 3883856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-07-16 16:20:16 25604904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 10:50:40 6295552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 02:43:03 835584]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-08-22 00:08:15 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-08-22 00:07:45 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-08-22 00:08:02 145944]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-26 17:23:58 30192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-04-02 15:54:21 148888]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 04:32:48 317280]
"MarketingTools"="C:\Program Files\Sony\Marketing Tools\MarketingTools.exe" [2008-11-27 22:00:49 24576]
"Wireless Manager"="C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 15:20:50 585728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 04:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 12:08:30 935288]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-17 20:53:36 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 15:33:44 141624]
"HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 10:53:26 249856]
"Malwarebytes' Anti-Malware (reboot)"="C:\Users\Sophie\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 17:08:46 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32:32 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 gupdate1c9b705a11e5950;Google Update Service (gupdate1c9b705a11e5950);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 22:17:27 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-26 17:23:58 30192]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 22:17:27 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2010-12-20 17:09:00 38224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 18:52:36 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 18:52:38 353568]
R3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 18:52:38 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 07:13:24 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 07:10:48 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 12:16:28 753504]
S2 NSUService;NSUService;C:\Program Files\sony\Network Utility\NSUService.exe [2008-11-06 00:53:56 303104]
S2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 04:09:28 11032]
S2 RtkAudioService;Realtek Audio Service;C:\Windows\RtkAudioService.exe [2008-10-17 10:50:42 104992]
S2 uCamMonitor;CamMonitor;C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 18:59:10 104960]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-09-05 18:56:58 411488]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 03:28:26 446464]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 22:06:40 17920]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2008-08-22 00:06:22 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2011-06-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 22:18:26 . 2009-04-06 22:17:27]

2011-05-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 22:18:26 . 2009-04-06 22:17:27]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-terrapoint700x0main.exe - C:\Users\Sophie\AppData\Roaming\301E9E8D40C6CA055E006E87E84D395E\terrapoint700x0main.exe



**************************************************************************
scanning hidden processes ...

#13 fireman4it

Posted 03 June 2011 - 06:39 PM

How is your machine running now?


#14 FishyUK

Posted 04 June 2011 - 03:56 AM

Started it up in normal mode and ran an AVG scan - froze again a couple of minutes in :(

#15 fireman4it

Posted 04 June 2011 - 09:06 PM

Hello,

We have removed AVG so that is why it froze! Besides the AVG problem, how is your machine running now?
