
At startup AVG finds threats - something is creating EXE files


  • This topic is locked
15 replies to this topic

#1 pcSOslow

pcSOslow

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 19 July 2011 - 03:45 AM

I have Windows 7 64bit

When I start my pc AVG finds threats every time; something is creating EXE files in the c:\users\jason\appdata\local\temp\ folder

8C6D2DE0.EXE (seems to be the same file name every time)

I allow AVG to do its thing and remove/move to vault, but when I restart the pc next time I get the same thing again.

I have attached the files dds.txt and attach.txt

Can anyone help remove this problem I am having?

I understand that this reply will cause my post to return to the bottom of the pile for checking.

I have more information about the issue I am having.

Attached are screen shots of the AVG reporting the issue.

It mostly happens as I come out of the screen saver and log back in. Still happening when I turn the pc on as well.

EDIT: Posts merged ~Budapest


Edited by Budapest, 27 July 2011 - 08:38 PM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:56 AM

Posted 01 August 2011 - 06:41 AM

Hi pcSOslow,

Welcome to this forum and apologies for the delay.

Please let me know if the issue is resolved. Otherwise do the following.

  • Please give me feedback about the current condition of your computer and the issue you are facing now.
  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#3 pcSOslow


Posted 01 August 2011 - 11:19 AM

Hello,

I have finally found the source of the virus and prevented it from starting up itself when the pc starts, once I figured out how to turn it off, someone suggested I use msconfig. But now I am curious how it got there so will investigate this a little more and see if there are any logs to show me the possible source of the file.

It was somehow being run via the rundll32.exe file like so...

startup item
{DEC20AEC-CDAB-4e61-A50E-D6E3BC0 1BB30}

Manufacturer
Unknown

Command
C:\Windows\system32\rundll32.exe "C:\Users\Public\{DEC20AEC-CDAB-4e61-A50E-D6E3BC0 1BB30}.dll",AppStartup UserRun

----

I only found this out after stopping one by one the startups that I thought it might have been. And after stopping the one above I did not get any more notifications about the virus from AVG so it must be this one?

So far I have turned off my pc a handful of times and no sign of the virus alerts so seems to be the one.

Hopefully this will be the end of the problems I was having for so many weeks.

Thanks for your help on this.
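
A triage sketch for the kind of startup entry described in the post above, added here as an example (it is not code from the thread or from any tool mentioned in it): it parses rundll32 autorun commands and flags a DLL loaded from a user-writable folder, a GUID-style DLL name and a missing publisher. The first sample entry is copied from the post; the other entries, the reason labels and all function names are constructed for illustration, and the list of writable locations is an assumption that is not exhaustive.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Shape handled: [path\]rundll32[.exe] <dll>,<export> [args]; the DLL may be quoted.
RUNDLL_RE = re.compile(
    r'''^\s*"?(?P<host>(?:[^"]*[\\/])?rundll32(?:\.exe)?)"?\s+
        (?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))
        \s*,\s*(?P<export>\S+)
        (?:\s+(?P<args>.*))?$''',
    re.I | re.X,
)
GUID_DLL_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll$")

# Where the genuine rundll32.exe lives.
SYSTEM_DIRS = (
    "c:\\windows\\system32", "c:\\windows\\syswow64",
    "%systemroot%\\system32", "%windir%\\system32",
)
# Assumed (not exhaustive) locations a standard user can write to.
WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\windows\\temp\\",
    "%public%", "%temp%", "%tmp%", "%appdata%", "%localappdata%",
)


def parse_rundll32(command):
    """Split a rundll32 command line into host, dll, export and args."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None  # not a rundll32 launch
    return {
        "host": m["host"],
        "dll": m["qdll"] or m["dll"],
        "export": m["export"],
        "args": m["args"] or "",
    }


def triage_entry(entry):
    """Return the list of reasons a startup entry deserves a closer look."""
    parsed = parse_rundll32(entry["command"])
    if parsed is None:
        return []
    reasons = []
    host_dir = ntpath.dirname(ntpath.normpath(parsed["host"])).lower()
    if host_dir and host_dir not in SYSTEM_DIRS:
        reasons.append("rundll32-outside-system-dir")
    dll = ntpath.normpath(parsed["dll"]).lower()
    if dll.startswith(WRITABLE_PREFIXES):
        reasons.append("dll-in-user-writable-dir")
    # Forum software may wrap long names with a space, so ignore spaces here.
    if GUID_DLL_RE.match(ntpath.basename(dll).replace(" ", "")):
        reasons.append("guid-named-dll")
    if entry.get("manufacturer", "").strip().lower() in ("", "unknown"):
        reasons.append("no-publisher")
    return reasons


def triage(entries):
    """Map entry name -> reasons, for flagged entries only."""
    flagged = {}
    for entry in entries:
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


SAMPLE_ENTRIES = [
    {   # copied from the msconfig details quoted in the post
        "name": "{DEC20AEC-CDAB-4e61-A50E-D6E3BC0 1BB30}",
        "manufacturer": "Unknown",
        "command": r'C:\Windows\system32\rundll32.exe '
                   r'"C:\Users\Public\{DEC20AEC-CDAB-4e61-A50E-D6E3BC0 1BB30}.dll"'
                   r',AppStartup UserRun',
    },
    {   # constructed: rundll32 loading a vendor DLL from the system directory
        "name": "ExampleHelper",
        "manufacturer": "Example Corp",
        "command": r"C:\Windows\system32\rundll32.exe "
                   r"C:\Windows\System32\example.dll,ExampleEntry",
    },
    {   # constructed: an ordinary executable, not a rundll32 launch
        "name": "ExampleTray",
        "manufacturer": "Example Corp",
        "command": r'"C:\Program Files (x86)\Example\tray.exe" /min',
    },
    {   # constructed: bare rundll32 with an environment-variable path
        "name": "helper",
        "manufacturer": "",
        "command": r"rundll32.exe %TEMP%\helper.dll,Start",
    },
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(name, "->", ", ".join(reasons))
```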

#4 Farbar


Posted 01 August 2011 - 03:07 PM

Well done.

Yes, I saw it on the log and was not sure if it was still there, that is why I wanted to run OTL.

Have you just stopped it or removed all the related entries?

Do you want the topic to be closed?

#5 pcSOslow


Posted 02 August 2011 - 12:41 AM

Hey,

At present I have only stopped the startup from starting!

I have just run both the files you suggested and nothing found with MBRCheck. Attached are the MBRCheck... and Extras.txt files, with the OTL.txt file shown below as requested.

Cheers




OTL.txt


OTL logfile created on: 02/08/2011 06:09:49 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jason\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 36.04% Memory free
4.70 Gb Paging File | 2.47 Gb Available in Paging File | 52.59% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.95 Gb Total Space | 33.67 Gb Free Space | 14.97% Space Free | Partition Type: NTFS
Drive D: | 225.71 Gb Total Space | 71.81 Gb Free Space | 31.81% Space Free | Partition Type: NTFS
Drive P: | 1862.36 Gb Total Space | 809.08 Gb Free Space | 43.44% Space Free | Partition Type: NTFS

Computer Name: RH | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 06:08:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
PRC - [2011/06/21 20:16:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/06/07 13:51:24 | 000,141,312 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/28 12:57:54 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008/02/28 12:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2006/09/28 09:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/10/24 05:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 06:08:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
MOD - [2011/06/10 17:50:13 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
MOD - [2011/06/10 17:50:13 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll
MOD - [2011/02/15 16:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/11/20 13:21:36 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2010/11/20 13:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 02:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/15 16:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/08/11 00:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/11 00:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/02/19 10:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/18 15:33:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/28 22:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/09 20:43:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxbkcoms.exe -- (lxbk_device)
SRV - [2007/04/21 15:54:10 | 000,052,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/09/28 09:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Stopped] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/15 16:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/02/08 01:06:42 | 000,056,968 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2011/01/20 02:07:01 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/01/03 09:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 09:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/01/03 09:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/26 13:24:58 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/07/26 13:24:54 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/07 12:01:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/09/26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/05 06:49:38 | 000,047,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/03/05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/03/05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007/03/05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2007/03/05 06:35:40 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/03/05 06:49:38 | 000,047,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 06:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 06:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2007/03/05 06:35:40 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb62f3&v=7.005.030.004&i=23&tp=ab&iy=b&ychte=uk&lng=en-GB&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/23 13:38:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/23 13:38:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jason\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/05/21 10:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/11 08:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/02 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/15 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 09:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/11 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/11 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/12 13:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/05/21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/27 16:37:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/21 20:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 20:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/02 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/02/22 10:19:23 | 000,000,000 | ---D | M]

[2010/08/22 09:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/07/30 11:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions
[2011/06/21 20:17:07 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2011/06/22 06:17:49 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/06/22 20:06:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/21 20:17:00 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/08/31 13:11:29 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010/08/30 00:31:22 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/06/28 09:01:06 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/05/04 22:25:23 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/06/21 20:17:12 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/05/28 07:02:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\engine@conduit.com
[2011/06/10 15:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/04 20:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 07:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 03:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/12 09:54:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/06/11 08:16:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\{F8E09DAD-AF77-4AD4-A443-8A72451A7039}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\LINKY@GEMAL.DK.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\VALIDATOR@TOTALVALIDATOR.COM.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/06/21 20:16:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/14 19:30:31 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/14 19:30:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/14 19:30:31 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/14 19:30:31 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/14 19:30:31 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{ca026886-aeab-11df-84ae-b1f39da00352}\Shell - "" = AutoRun
O33 - MountPoints2\{ca026886-aeab-11df-84ae-b1f39da00352}\Shell\AutoRun\command - "" = "O:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 05:53:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E5820B81-D86D-4626-9633-5E4FA6B978CA}
[2011/08/01 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BBAEE11A-D9F2-4DC3-B94A-1F5A36733FAC}
[2011/07/31 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{32730FF2-B77B-4EF6-9518-13A02CE66BD0}
[2011/07/30 11:44:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3361976D-01D5-4288-A5EC-D5859062E087}
[2011/07/28 20:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C11A5B64-57CE-4108-8E62-CB30EDA31060}
[2011/07/28 08:27:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A767FB69-A5B2-459D-9A3A-1B29C052E265}
[2011/07/27 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DBC6EABA-5301-4152-8457-CAEADC8BE73F}
[2011/07/27 08:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3CB9D8FF-B11D-4458-A23F-8120283614CF}
[2011/07/27 07:48:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\screen saver virus details
[2011/07/26 20:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B6EC6617-CE37-41C7-9BDE-A0E3376567E0}
[2011/07/26 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDC1DC76-DA92-4921-90E3-0BC88D9E89F0}
[2011/07/26 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7655681C-37C4-420F-8797-2906533B9314}
[2011/07/25 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C5CC5058-FC88-4F47-B684-750DE41C919B}
[2011/07/24 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{628B9DD3-C240-48D0-B405-6A1C9002BF6F}
[2011/07/24 07:39:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E98695B3-051D-4ADD-9D3E-4E74F2162B46}
[2011/07/24 07:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Coder
[2011/07/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Coder
[2011/07/24 07:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Graphic Maker-7
[2011/07/24 07:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Style-7
[2011/07/23 18:49:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 18:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C3DEAE8A-7598-410E-8BF3-FC29A2C28282}
[2011/07/23 04:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{71FD49BD-972F-49B8-938C-8C15B5DE255A}
[2011/07/22 15:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9456A8D2-0C5B-41A6-95F0-5B4B42E1FECF}
[2011/07/22 01:40:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3C09E274-FF2D-4CB3-8F58-DB50B5C574D7}
[2011/07/21 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{62896218-9159-4EC4-8751-8EA240B09261}
[2011/07/20 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DE7CE0DB-2250-4A31-8693-DC36E5281B20}
[2011/07/20 07:34:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{130D3592-3E4F-4E07-B4A6-C8118C3C377D}
[2011/07/19 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{69D087CB-9CDF-4206-8860-612FF9CF1E37}
[2011/07/19 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\hj stuff
[2011/07/19 08:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\All Users
[2011/07/19 08:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/19 08:20:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/19 08:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Vbox
[2011/07/19 05:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDF09590-4ED8-4C52-9496-E1F525536219}
[2011/07/18 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3B352DAD-1968-4655-8D7E-8164BD558AD7}
[2011/07/17 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FAEA79C5-D038-4038-BB54-439ECE107B34}
[2011/07/16 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C54A70C-8E56-4E0E-A506-3DF4630C8B52}
[2011/07/13 23:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0E399BEE-A4C3-4F2E-A420-F6A7C38E758C}
[2011/07/13 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\from my floppy
[2011/07/12 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{04B0563F-0FF0-4F99-B12A-0483AF66B5AE}
[2011/07/12 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{35FC8377-0ADC-4686-9453-156800FD9DEF}
[2011/07/12 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D4A8F0D0-2B72-4059-8B1B-C15D3BF317FB}
[2011/07/11 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EA2480AD-1601-48F4-8E78-163B793E8D7F}
[2011/07/11 18:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/11 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{51FAF32E-E02E-4BAD-83AB-5A0AC0239C51}
[2011/07/10 23:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{099488AA-0F74-4761-AAAF-F23DA3169164}
[2011/07/10 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{061958CC-C4A1-482A-9109-E6FF4E90B7D8}
[2011/07/10 00:47:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\bandb history sites
[2011/07/09 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FDEBB1A3-7433-446B-B335-0964BDEEAD48}
[2011/07/09 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\+Extract
[2011/07/09 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\+Extract
[2011/07/09 14:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/07/08 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BE5A2C36-9C73-4E9F-A4B6-F001AD717076}
[2011/07/08 23:14:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8ABB9370-4EE7-4D2D-BDB7-0453BE6FFD57}
[2011/07/08 11:13:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9206D544-E5F4-48B5-A3B3-79CF671090C4}
[2011/07/07 23:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{03DBCA58-907A-4A4D-8FE0-68E74FD62393}
[2011/07/07 12:39:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2011-07-07
[2011/07/07 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2E0E5D2D-95DB-475E-89FA-C6E9B279126E}
[2011/07/07 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C13877F-0067-44F1-9A3F-95743CD89CE0}
[2011/07/06 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7BA9E4C3-8E18-45EC-89F9-66F322678D06}
[2011/07/06 11:10:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1CADE3EB-34F6-449D-80B5-23C0CB3FB709}
[2011/07/05 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C73D8E3-1AF8-43DA-9D27-BCB21B96C650}
[2011/07/05 23:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A59657F8-FBAD-4DD6-85CF-174F4440DC0E}
[2011/07/05 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{523CE90E-C3B0-45D2-93D9-4C1AFDAE7BFD}
[2011/07/05 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{799E70E0-933D-45BB-8F20-516C87506E86}
[2011/07/05 06:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Hulubulu
[2011/07/05 06:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
[2011/07/05 06:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Renamer
[2011/07/05 06:22:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PandaBatchFileRenamer
[2011/07/05 06:22:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Animal Software
[2011/07/04 23:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{ED936093-C80F-4BA0-8094-6B3C8BDC0F72}
[2011/07/04 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\FastStone
[2011/07/04 21:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2011/07/04 21:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2011/07/03 23:06:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7A15C09A-6AF9-41AA-8FD1-123DF960EEA7}
[2011/07/03 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{66F1213F-8907-4E3F-8C6B-AEE69FCAC74D}
[2011/07/03 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0F8ECE05-D37E-4748-816D-07EEA1BD28D3}
[2011/07/03 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\videos to convert
[2011/07/03 10:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/07/03 10:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/01/26 19:44:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011/01/26 19:44:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011/01/26 19:44:25 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011/01/26 19:44:25 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011/01/26 19:44:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011/01/26 19:44:25 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011/01/26 19:44:25 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011/01/26 19:44:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011/01/26 19:44:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011/01/26 19:44:25 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011/01/26 19:44:25 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011/01/26 19:44:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011/01/26 19:44:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011/01/26 19:44:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011/01/26 19:44:24 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Jason\AppData\Local\*.tmp files -> C:\Users\Jason\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 05:55:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 05:54:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 05:54:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 05:46:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 05:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 05:45:53 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 20:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200502815-488898420-1765329400-1000UA.job
[2011/08/01 19:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200502815-488898420-1765329400-1000Core.job
[2011/08/01 15:45:46 | 126,488,478 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/07/26 10:16:09 | 000,085,415 | ---- | M] () -- C:\Users\Jason\Desktop\results views.jpg
[2011/07/26 10:15:19 | 000,001,867 | ---- | M] () -- C:\Users\Jason\Desktop\RECOVERY SOFTWARE - Shortcut.lnk
[2011/07/26 10:15:19 | 000,001,576 | ---- | M] () -- C:\Users\Jason\Desktop\nokia contacts as of dec 2010 - Shortcut.lnk
[2011/07/24 18:22:53 | 000,279,263 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/07/21 18:47:18 | 000,001,011 | ---- | M] () -- C:\Users\Jason\Desktop\ipn.php
[2011/07/20 20:21:55 | 000,019,968 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 07:33:12 | 000,002,351 | ---- | M] () -- C:\Users\Jason\Desktop\from course - Shortcut.lnk
[2011/07/20 07:33:11 | 000,001,839 | ---- | M] () -- C:\Users\Jason\Desktop\ranking tools - Shortcut.lnk
[2011/07/20 07:33:10 | 000,001,749 | ---- | M] () -- C:\Users\Jason\Desktop\UK INFO DISK 2003 - Shortcut.lnk
[2011/07/19 08:47:44 | 000,000,214 | ---- | M] () -- C:\Users\Jason\defogger_reenable
[2011/07/19 08:20:25 | 000,007,598 | ---- | M] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2011/07/14 08:26:10 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/14 08:26:10 | 000,628,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/14 08:26:10 | 000,110,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/04 11:28:00 | 034,987,400 | ---- | M] () -- C:\Users\Jason\Desktop\decco 6 7.pdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Jason\AppData\Local\*.tmp files -> C:\Users\Jason\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 10:15:08 | 000,085,415 | ---- | C] () -- C:\Users\Jason\Desktop\results views.jpg
[2011/07/21 18:47:18 | 000,001,011 | ---- | C] () -- C:\Users\Jason\Desktop\ipn.php
[2011/07/19 08:47:43 | 000,000,214 | ---- | C] () -- C:\Users\Jason\defogger_reenable
[2011/07/11 20:07:50 | 000,002,351 | ---- | C] () -- C:\Users\Jason\Desktop\from course - Shortcut.lnk
[2011/07/04 11:26:08 | 034,987,400 | ---- | C] () -- C:\Users\Jason\Desktop\decco 6 7.pdf
[2011/07/03 10:31:24 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/05/14 15:05:14 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Local\{535ECD78-F03B-4C54-8BE7-AE4EBE38F637}
[2011/04/27 09:48:35 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/03/16 20:50:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/03/08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/01/26 19:44:25 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011/01/26 19:44:25 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011/01/21 20:51:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/21 20:51:52 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/17 23:19:03 | 000,000,279 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/10/18 15:04:43 | 000,000,044 | ---- | C] () -- C:\Users\Jason\AppData\Local\RAContactHistory.xml
[2010/10/07 09:36:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/28 15:39:20 | 000,007,598 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2010/09/26 17:15:26 | 000,019,968 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 18:07:03 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/24 17:50:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/02 08:20:50 | 000,000,027 | ---- | C] () -- C:\Windows\UKid.INI
[2010/08/30 12:57:29 | 000,002,518 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2010/08/27 10:52:43 | 000,000,147 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/08/27 10:52:40 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/08/27 10:52:40 | 000,024,608 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
[2010/08/27 10:52:40 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/08/27 10:52:40 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/08/23 23:21:40 | 000,001,675 | ---- | C] () -- C:\Windows\AZPR3.INI
[2010/08/22 13:38:56 | 000,038,998 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/08/22 12:15:23 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/22 09:57:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 09:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/10/09 01:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys
[2004/07/01 18:38:56 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\zip.exe
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:91E29860
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >

Edited by pcSOslow, 02 August 2011 - 12:42 AM.


#6 Farbar

Posted 02 August 2011 - 03:00 AM

It is not showing up on the log because you stopped it from running. We need to remove it and a couple of other entries.

First delete the following file:

C:\Users\Public\{DEC20AEC-CDAB-4e61-A50E-D6E3BC01BB30}.dll

Then let the startup run again, then run OTL again and post the OTL.txt file. It will not make the Extra.txt this time.

#7 pcSOslow

Posted 02 August 2011 - 05:29 AM

OK, I have removed the offending file and then restarted the PC using 'normal startup' and run OTL. Here is the log...

OTL logfile created on: 02/08/2011 11:10:46 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 33.58% Memory free
4.70 Gb Paging File | 2.59 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.95 Gb Total Space | 33.74 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive D: | 225.71 Gb Total Space | 71.81 Gb Free Space | 31.81% Space Free | Partition Type: NTFS
Drive P: | 1862.36 Gb Total Space | 809.08 Gb Free Space | 43.44% Space Free | Partition Type: NTFS

Computer Name: RH | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 06:08:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/05/27 16:36:54 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/14 12:47:31 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/05/11 17:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/06/07 13:51:24 | 000,141,312 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:26:26 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/10 08:50:32 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/28 12:57:54 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008/02/28 12:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2006/09/28 09:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/10/24 05:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 06:08:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2011/06/10 17:50:13 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
MOD - [2011/06/10 17:50:13 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll
MOD - [2011/02/15 16:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/11/20 13:21:36 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2010/11/20 13:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/14 02:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 02:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/14 02:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/15 16:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/08/11 00:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/11 00:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/02/19 10:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/18 15:33:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/28 22:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/09 20:43:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxbkcoms.exe -- (lxbk_device)
SRV - [2007/04/21 15:54:10 | 000,052,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/09/28 09:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Stopped] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/15 16:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/02/08 01:06:42 | 000,056,968 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2011/01/20 02:07:01 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/01/03 09:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 09:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/01/03 09:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/26 13:24:58 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/07/26 13:24:54 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/07 12:01:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/09/26 12:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/05 06:49:38 | 000,047,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007/03/05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007/03/05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007/03/05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007/03/05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2007/03/05 06:35:40 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/03/05 06:49:38 | 000,047,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 06:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 06:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)
DRV - [2007/03/05 06:35:40 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173608104216p0435v105y4541226n
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb62f3&v=7.005.030.004&i=23&tp=ab&iy=b&ychte=uk&lng=en-GB&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/23 13:38:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/23 13:38:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jason\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/05/21 10:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/11 08:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/02 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/15 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 09:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/11 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/11 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/12 13:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/05/21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/27 16:37:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/21 20:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 20:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/02 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/02/22 10:19:23 | 000,000,000 | ---D | M]

[2010/08/22 09:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/07/30 11:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions
[2011/06/21 20:17:07 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2011/06/22 06:17:49 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/06/22 20:06:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/21 20:17:00 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/08/31 13:11:29 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010/08/30 00:31:22 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/06/28 09:01:06 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/05/04 22:25:23 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/06/21 20:17:12 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/05/28 07:02:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\yg353qmb.default\extensions\engine@conduit.com
[2011/06/10 15:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/04 20:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 07:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 03:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/12 09:54:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/06/11 08:16:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\{F8E09DAD-AF77-4AD4-A443-8A72451A7039}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\LINKY@GEMAL.DK.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\VALIDATOR@TOTALVALIDATOR.COM.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YG353QMB.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/06/21 20:16:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/14 19:30:31 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/14 19:30:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/14 19:30:31 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/14 19:30:31 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/14 19:30:31 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\AdobeCS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [{DEC20AEC-CDAB-4e61-A50E-D6E3BC01BB30}] File not found
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{ca026886-aeab-11df-84ae-b1f39da00352}\Shell - "" = AutoRun
O33 - MountPoints2\{ca026886-aeab-11df-84ae-b1f39da00352}\Shell\AutoRun\command - "" = "O:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 06:08:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/08/02 05:53:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E5820B81-D86D-4626-9633-5E4FA6B978CA}
[2011/08/01 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BBAEE11A-D9F2-4DC3-B94A-1F5A36733FAC}
[2011/07/31 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{32730FF2-B77B-4EF6-9518-13A02CE66BD0}
[2011/07/30 11:44:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3361976D-01D5-4288-A5EC-D5859062E087}
[2011/07/28 20:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C11A5B64-57CE-4108-8E62-CB30EDA31060}
[2011/07/28 08:27:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A767FB69-A5B2-459D-9A3A-1B29C052E265}
[2011/07/27 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DBC6EABA-5301-4152-8457-CAEADC8BE73F}
[2011/07/27 08:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3CB9D8FF-B11D-4458-A23F-8120283614CF}
[2011/07/27 07:48:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\screen saver virus details
[2011/07/26 20:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B6EC6617-CE37-41C7-9BDE-A0E3376567E0}
[2011/07/26 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDC1DC76-DA92-4921-90E3-0BC88D9E89F0}
[2011/07/26 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7655681C-37C4-420F-8797-2906533B9314}
[2011/07/25 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C5CC5058-FC88-4F47-B684-750DE41C919B}
[2011/07/24 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{628B9DD3-C240-48D0-B405-6A1C9002BF6F}
[2011/07/24 07:39:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E98695B3-051D-4ADD-9D3E-4E74F2162B46}
[2011/07/24 07:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Coder
[2011/07/24 07:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Coder
[2011/07/24 07:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Graphic Maker-7
[2011/07/24 07:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Style-7
[2011/07/23 18:49:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 18:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Banner Creator (Free Edition) 1.0
[2011/07/23 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C3DEAE8A-7598-410E-8BF3-FC29A2C28282}
[2011/07/23 04:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{71FD49BD-972F-49B8-938C-8C15B5DE255A}
[2011/07/22 15:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9456A8D2-0C5B-41A6-95F0-5B4B42E1FECF}
[2011/07/22 01:40:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3C09E274-FF2D-4CB3-8F58-DB50B5C574D7}
[2011/07/21 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{62896218-9159-4EC4-8751-8EA240B09261}
[2011/07/20 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DE7CE0DB-2250-4A31-8693-DC36E5281B20}
[2011/07/20 07:34:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{130D3592-3E4F-4E07-B4A6-C8118C3C377D}
[2011/07/19 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{69D087CB-9CDF-4206-8860-612FF9CF1E37}
[2011/07/19 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\hj stuff
[2011/07/19 08:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\All Users
[2011/07/19 08:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/19 08:20:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/19 08:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Vbox
[2011/07/19 05:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDF09590-4ED8-4C52-9496-E1F525536219}
[2011/07/18 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3B352DAD-1968-4655-8D7E-8164BD558AD7}
[2011/07/17 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FAEA79C5-D038-4038-BB54-439ECE107B34}
[2011/07/16 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C54A70C-8E56-4E0E-A506-3DF4630C8B52}
[2011/07/13 23:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0E399BEE-A4C3-4F2E-A420-F6A7C38E758C}
[2011/07/13 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\from my floppy
[2011/07/12 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{04B0563F-0FF0-4F99-B12A-0483AF66B5AE}
[2011/07/12 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{35FC8377-0ADC-4686-9453-156800FD9DEF}
[2011/07/12 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D4A8F0D0-2B72-4059-8B1B-C15D3BF317FB}
[2011/07/11 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EA2480AD-1601-48F4-8E78-163B793E8D7F}
[2011/07/11 18:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/11 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{51FAF32E-E02E-4BAD-83AB-5A0AC0239C51}
[2011/07/10 23:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{099488AA-0F74-4761-AAAF-F23DA3169164}
[2011/07/10 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{061958CC-C4A1-482A-9109-E6FF4E90B7D8}
[2011/07/10 00:47:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\bandb history sites
[2011/07/09 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FDEBB1A3-7433-446B-B335-0964BDEEAD48}
[2011/07/09 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\+Extract
[2011/07/09 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\+Extract
[2011/07/09 14:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/07/08 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BE5A2C36-9C73-4E9F-A4B6-F001AD717076}
[2011/07/08 23:14:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8ABB9370-4EE7-4D2D-BDB7-0453BE6FFD57}
[2011/07/08 11:13:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9206D544-E5F4-48B5-A3B3-79CF671090C4}
[2011/07/07 23:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{03DBCA58-907A-4A4D-8FE0-68E74FD62393}
[2011/07/07 12:39:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2011-07-07
[2011/07/07 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2E0E5D2D-95DB-475E-89FA-C6E9B279126E}
[2011/07/07 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C13877F-0067-44F1-9A3F-95743CD89CE0}
[2011/07/06 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7BA9E4C3-8E18-45EC-89F9-66F322678D06}
[2011/07/06 11:10:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1CADE3EB-34F6-449D-80B5-23C0CB3FB709}
[2011/07/05 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C73D8E3-1AF8-43DA-9D27-BCB21B96C650}
[2011/07/05 23:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A59657F8-FBAD-4DD6-85CF-174F4440DC0E}
[2011/07/05 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{523CE90E-C3B0-45D2-93D9-4C1AFDAE7BFD}
[2011/07/05 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{799E70E0-933D-45BB-8F20-516C87506E86}
[2011/07/05 06:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Hulubulu
[2011/07/05 06:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
[2011/07/05 06:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Renamer
[2011/07/05 06:22:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PandaBatchFileRenamer
[2011/07/05 06:22:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Animal Software
[2011/07/04 23:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{ED936093-C80F-4BA0-8094-6B3C8BDC0F72}
[2011/07/04 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\FastStone
[2011/07/04 21:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2011/07/04 21:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2011/07/03 23:06:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7A15C09A-6AF9-41AA-8FD1-123DF960EEA7}
[2011/01/26 19:44:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011/01/26 19:44:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011/01/26 19:44:25 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011/01/26 19:44:25 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011/01/26 19:44:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011/01/26 19:44:25 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011/01/26 19:44:25 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011/01/26 19:44:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011/01/26 19:44:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011/01/26 19:44:25 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011/01/26 19:44:25 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011/01/26 19:44:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011/01/26 19:44:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011/01/26 19:44:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011/01/26 19:44:24 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Jason\AppData\Local\*.tmp files -> C:\Users\Jason\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 11:15:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 11:15:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 11:05:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 11:05:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 11:05:12 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 10:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200502815-488898420-1765329400-1000UA.job
[2011/08/02 09:55:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 09:26:11 | 126,508,289 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/02 06:08:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/08/01 19:40:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3200502815-488898420-1765329400-1000Core.job
[2011/07/26 10:16:09 | 000,085,415 | ---- | M] () -- C:\Users\Jason\Desktop\results views.jpg
[2011/07/26 10:15:19 | 000,001,867 | ---- | M] () -- C:\Users\Jason\Desktop\RECOVERY SOFTWARE - Shortcut.lnk
[2011/07/26 10:15:19 | 000,001,576 | ---- | M] () -- C:\Users\Jason\Desktop\nokia contacts as of dec 2010 - Shortcut.lnk
[2011/07/24 18:22:53 | 000,279,263 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/07/21 18:47:18 | 000,001,011 | ---- | M] () -- C:\Users\Jason\Desktop\ipn.php
[2011/07/20 20:21:55 | 000,019,968 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 07:33:12 | 000,002,351 | ---- | M] () -- C:\Users\Jason\Desktop\from course - Shortcut.lnk
[2011/07/20 07:33:11 | 000,001,839 | ---- | M] () -- C:\Users\Jason\Desktop\ranking tools - Shortcut.lnk
[2011/07/20 07:33:10 | 000,001,749 | ---- | M] () -- C:\Users\Jason\Desktop\UK INFO DISK 2003 - Shortcut.lnk
[2011/07/19 08:47:44 | 000,000,214 | ---- | M] () -- C:\Users\Jason\defogger_reenable
[2011/07/19 08:20:25 | 000,007,598 | ---- | M] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2011/07/14 08:26:10 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/14 08:26:10 | 000,628,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/14 08:26:10 | 000,110,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/04 11:28:00 | 034,987,400 | ---- | M] () -- C:\Users\Jason\Desktop\decco 6 7.pdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Jason\AppData\Local\*.tmp files -> C:\Users\Jason\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 10:15:08 | 000,085,415 | ---- | C] () -- C:\Users\Jason\Desktop\results views.jpg
[2011/07/21 18:47:18 | 000,001,011 | ---- | C] () -- C:\Users\Jason\Desktop\ipn.php
[2011/07/19 08:47:43 | 000,000,214 | ---- | C] () -- C:\Users\Jason\defogger_reenable
[2011/07/11 20:07:50 | 000,002,351 | ---- | C] () -- C:\Users\Jason\Desktop\from course - Shortcut.lnk
[2011/07/04 11:26:08 | 034,987,400 | ---- | C] () -- C:\Users\Jason\Desktop\decco 6 7.pdf
[2011/05/14 15:05:14 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Local\{535ECD78-F03B-4C54-8BE7-AE4EBE38F637}
[2011/04/27 09:48:35 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/03/16 20:50:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/03/08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/01/26 19:44:25 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011/01/26 19:44:25 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011/01/21 20:51:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/21 20:51:52 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/17 23:19:03 | 000,000,279 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/10/18 15:04:43 | 000,000,044 | ---- | C] () -- C:\Users\Jason\AppData\Local\RAContactHistory.xml
[2010/10/07 09:36:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/28 15:39:20 | 000,007,598 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2010/09/26 17:15:26 | 000,019,968 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 18:07:03 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/24 17:50:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/02 08:20:50 | 000,000,027 | ---- | C] () -- C:\Windows\UKid.INI
[2010/08/30 12:57:29 | 000,002,518 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2010/08/27 10:52:43 | 000,000,147 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/08/27 10:52:40 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/08/27 10:52:40 | 000,024,608 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
[2010/08/27 10:52:40 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/08/27 10:52:40 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/08/23 23:21:40 | 000,001,675 | ---- | C] () -- C:\Windows\AZPR3.INI
[2010/08/22 13:38:56 | 000,038,998 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/08/22 12:15:23 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/22 09:57:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 09:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/10/09 01:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys
[2004/07/01 18:38:56 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\zip.exe
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:91E29860
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >

#8 Farbar

Posted 02 August 2011 - 06:53 AM

Hi,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions

  • You have the latest version of Java (Java 6 Update 26) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please uninstall the following from Programs and Features in the Control Panel:

    Java™ SE Runtime Environment 6 Update 1
  • We remove some entries and a lot of empty MS folders. Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
      O33 - MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
      O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell - "" = AutoRun
      O33 - MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
      O4 - HKU\S-1-5-21-3200502815-488898420-1765329400-1000..\Run: [{DEC20AEC-CDAB-4e61-A50E-D6E3BC01BB30}] File not found
      [2011/08/02 05:53:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E5820B81-D86D-4626-9633-5E4FA6B978CA}
      [2011/08/01 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BBAEE11A-D9F2-4DC3-B94A-1F5A36733FAC}
      [2011/07/31 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{32730FF2-B77B-4EF6-9518-13A02CE66BD0}
      [2011/07/30 11:44:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3361976D-01D5-4288-A5EC-D5859062E087}
      [2011/07/28 20:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C11A5B64-57CE-4108-8E62-CB30EDA31060}
      [2011/07/28 08:27:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A767FB69-A5B2-459D-9A3A-1B29C052E265}
      [2011/07/27 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DBC6EABA-5301-4152-8457-CAEADC8BE73F}
      [2011/07/27 08:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3CB9D8FF-B11D-4458-A23F-8120283614CF}
      [2011/07/26 20:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B6EC6617-CE37-41C7-9BDE-A0E3376567E0}
      [2011/07/26 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDC1DC76-DA92-4921-90E3-0BC88D9E89F0}
      [2011/07/26 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7655681C-37C4-420F-8797-2906533B9314}
      [2011/07/25 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C5CC5058-FC88-4F47-B684-750DE41C919B}
      [2011/07/24 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{628B9DD3-C240-48D0-B405-6A1C9002BF6F}
      [2011/07/24 07:39:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E98695B3-051D-4ADD-9D3E-4E74F2162B46}
      [2011/07/23 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C3DEAE8A-7598-410E-8BF3-FC29A2C28282}
      [2011/07/23 04:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{71FD49BD-972F-49B8-938C-8C15B5DE255A}
      [2011/07/22 15:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9456A8D2-0C5B-41A6-95F0-5B4B42E1FECF}
      [2011/07/22 01:40:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3C09E274-FF2D-4CB3-8F58-DB50B5C574D7}
      [2011/07/21 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{62896218-9159-4EC4-8751-8EA240B09261}
      [2011/07/20 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DE7CE0DB-2250-4A31-8693-DC36E5281B20}
      [2011/07/20 07:34:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{130D3592-3E4F-4E07-B4A6-C8118C3C377D}
      [2011/07/19 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{69D087CB-9CDF-4206-8860-612FF9CF1E37}
      [2011/07/19 05:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BDF09590-4ED8-4C52-9496-E1F525536219}
      [2011/07/18 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{3B352DAD-1968-4655-8D7E-8164BD558AD7}
      [2011/07/17 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FAEA79C5-D038-4038-BB54-439ECE107B34}
      [2011/07/16 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C54A70C-8E56-4E0E-A506-3DF4630C8B52}
      [2011/07/13 23:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0E399BEE-A4C3-4F2E-A420-F6A7C38E758C}
      [2011/07/12 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{04B0563F-0FF0-4F99-B12A-0483AF66B5AE}
      [2011/07/12 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{35FC8377-0ADC-4686-9453-156800FD9DEF}
      [2011/07/12 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D4A8F0D0-2B72-4059-8B1B-C15D3BF317FB}
      [2011/07/11 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EA2480AD-1601-48F4-8E78-163B793E8D7F}
      [2011/07/11 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{51FAF32E-E02E-4BAD-83AB-5A0AC0239C51}
      [2011/07/10 23:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{099488AA-0F74-4761-AAAF-F23DA3169164}
      [2011/07/10 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{061958CC-C4A1-482A-9109-E6FF4E90B7D8}
      [2011/07/09 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FDEBB1A3-7433-446B-B335-0964BDEEAD48}
      [2011/07/08 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BE5A2C36-9C73-4E9F-A4B6-F001AD717076}
      [2011/07/08 23:14:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8ABB9370-4EE7-4D2D-BDB7-0453BE6FFD57}
      [2011/07/08 11:13:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9206D544-E5F4-48B5-A3B3-79CF671090C4}
      [2011/07/07 23:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{03DBCA58-907A-4A4D-8FE0-68E74FD62393}
      [2011/07/07 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2E0E5D2D-95DB-475E-89FA-C6E9B279126E}
      [2011/07/07 11:11:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4C13877F-0067-44F1-9A3F-95743CD89CE0}
      [2011/07/06 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7BA9E4C3-8E18-45EC-89F9-66F322678D06}
      [2011/07/06 11:10:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1CADE3EB-34F6-449D-80B5-23C0CB3FB709}
      [2011/07/05 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C73D8E3-1AF8-43DA-9D27-BCB21B96C650}
      [2011/07/05 23:09:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A59657F8-FBAD-4DD6-85CF-174F4440DC0E}
      [2011/07/05 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{523CE90E-C3B0-45D2-93D9-4C1AFDAE7BFD}
      [2011/07/05 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{799E70E0-933D-45BB-8F20-516C87506E86}
      [2011/07/04 23:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{ED936093-C80F-4BA0-8094-6B3C8BDC0F72}
      [2011/07/03 23:06:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7A15C09A-6AF9-41AA-8FD1-123DF960EEA7}
      
      :commands
      [emptytemp]
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#9 pcSOslow

Posted 02 August 2011 - 08:17 AM

Hey,

I just started the pc up again in normal mode and started OTL, then inserted the text above, but when I click Run Fix the pc seems to hang for ages; almost 30 minutes went by and nothing seemed to happen. Is this normal?

#10 Farbar

Posted 02 August 2011 - 08:57 AM

No, it has probably hung while attempting to empty temporary files. Please use whatever method to end the process. If you cannot do it, you may have to restart the PC manually.

Then run the fix, this time don't include the following part:

:commands
[emptytemp]

The entries should have already been removed but we want a confirmation.

#11 pcSOslow

Posted 02 August 2011 - 09:24 AM

Great, that time it worked. Here is the log that was shown after the removal.

I have also done Malwarebytes and this came back as nothing found.

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada20e84-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada20e84-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada20e84-702e-11e0-95b6-001060f14ffb}\ not found.
File G:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada20e95-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada20e95-702e-11e0-95b6-001060f14ffb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada20e95-702e-11e0-95b6-001060f14ffb}\ not found.
File G:\AUTORUN.EXE not found.
Registry value HKEY_USERS\S-1-5-21-3200502815-488898420-1765329400-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{DEC20AEC-CDAB-4e61-A50E-D6E3BC01BB30} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEC20AEC-CDAB-4e61-A50E-D6E3BC01BB30}\ not found.
C:\Users\Jason\AppData\Local\{E5820B81-D86D-4626-9633-5E4FA6B978CA} folder moved successfully.
C:\Users\Jason\AppData\Local\{BBAEE11A-D9F2-4DC3-B94A-1F5A36733FAC} folder moved successfully.
C:\Users\Jason\AppData\Local\{32730FF2-B77B-4EF6-9518-13A02CE66BD0} folder moved successfully.
C:\Users\Jason\AppData\Local\{3361976D-01D5-4288-A5EC-D5859062E087} folder moved successfully.
C:\Users\Jason\AppData\Local\{C11A5B64-57CE-4108-8E62-CB30EDA31060} folder moved successfully.
C:\Users\Jason\AppData\Local\{A767FB69-A5B2-459D-9A3A-1B29C052E265} folder moved successfully.
C:\Users\Jason\AppData\Local\{DBC6EABA-5301-4152-8457-CAEADC8BE73F} folder moved successfully.
C:\Users\Jason\AppData\Local\{3CB9D8FF-B11D-4458-A23F-8120283614CF} folder moved successfully.
C:\Users\Jason\AppData\Local\{B6EC6617-CE37-41C7-9BDE-A0E3376567E0} folder moved successfully.
C:\Users\Jason\AppData\Local\{BDC1DC76-DA92-4921-90E3-0BC88D9E89F0} folder moved successfully.
C:\Users\Jason\AppData\Local\{7655681C-37C4-420F-8797-2906533B9314} folder moved successfully.
C:\Users\Jason\AppData\Local\{C5CC5058-FC88-4F47-B684-750DE41C919B} folder moved successfully.
C:\Users\Jason\AppData\Local\{628B9DD3-C240-48D0-B405-6A1C9002BF6F} folder moved successfully.
C:\Users\Jason\AppData\Local\{E98695B3-051D-4ADD-9D3E-4E74F2162B46} folder moved successfully.
C:\Users\Jason\AppData\Local\{C3DEAE8A-7598-410E-8BF3-FC29A2C28282} folder moved successfully.
C:\Users\Jason\AppData\Local\{71FD49BD-972F-49B8-938C-8C15B5DE255A} folder moved successfully.
C:\Users\Jason\AppData\Local\{9456A8D2-0C5B-41A6-95F0-5B4B42E1FECF} folder moved successfully.
C:\Users\Jason\AppData\Local\{3C09E274-FF2D-4CB3-8F58-DB50B5C574D7} folder moved successfully.
C:\Users\Jason\AppData\Local\{62896218-9159-4EC4-8751-8EA240B09261} folder moved successfully.
C:\Users\Jason\AppData\Local\{DE7CE0DB-2250-4A31-8693-DC36E5281B20} folder moved successfully.
C:\Users\Jason\AppData\Local\{130D3592-3E4F-4E07-B4A6-C8118C3C377D} folder moved successfully.
C:\Users\Jason\AppData\Local\{69D087CB-9CDF-4206-8860-612FF9CF1E37} folder moved successfully.
C:\Users\Jason\AppData\Local\{BDF09590-4ED8-4C52-9496-E1F525536219} folder moved successfully.
C:\Users\Jason\AppData\Local\{3B352DAD-1968-4655-8D7E-8164BD558AD7} folder moved successfully.
C:\Users\Jason\AppData\Local\{FAEA79C5-D038-4038-BB54-439ECE107B34} folder moved successfully.
C:\Users\Jason\AppData\Local\{4C54A70C-8E56-4E0E-A506-3DF4630C8B52} folder moved successfully.
C:\Users\Jason\AppData\Local\{0E399BEE-A4C3-4F2E-A420-F6A7C38E758C} folder moved successfully.
C:\Users\Jason\AppData\Local\{04B0563F-0FF0-4F99-B12A-0483AF66B5AE} folder moved successfully.
C:\Users\Jason\AppData\Local\{35FC8377-0ADC-4686-9453-156800FD9DEF} folder moved successfully.
C:\Users\Jason\AppData\Local\{D4A8F0D0-2B72-4059-8B1B-C15D3BF317FB} folder moved successfully.
C:\Users\Jason\AppData\Local\{EA2480AD-1601-48F4-8E78-163B793E8D7F} folder moved successfully.
C:\Users\Jason\AppData\Local\{51FAF32E-E02E-4BAD-83AB-5A0AC0239C51} folder moved successfully.
C:\Users\Jason\AppData\Local\{099488AA-0F74-4761-AAAF-F23DA3169164} folder moved successfully.
C:\Users\Jason\AppData\Local\{061958CC-C4A1-482A-9109-E6FF4E90B7D8} folder moved successfully.
C:\Users\Jason\AppData\Local\{FDEBB1A3-7433-446B-B335-0964BDEEAD48} folder moved successfully.
C:\Users\Jason\AppData\Local\{BE5A2C36-9C73-4E9F-A4B6-F001AD717076} folder moved successfully.
C:\Users\Jason\AppData\Local\{8ABB9370-4EE7-4D2D-BDB7-0453BE6FFD57} folder moved successfully.
C:\Users\Jason\AppData\Local\{9206D544-E5F4-48B5-A3B3-79CF671090C4} folder moved successfully.
C:\Users\Jason\AppData\Local\{03DBCA58-907A-4A4D-8FE0-68E74FD62393} folder moved successfully.
C:\Users\Jason\AppData\Local\{2E0E5D2D-95DB-475E-89FA-C6E9B279126E} folder moved successfully.
C:\Users\Jason\AppData\Local\{4C13877F-0067-44F1-9A3F-95743CD89CE0} folder moved successfully.
C:\Users\Jason\AppData\Local\{7BA9E4C3-8E18-45EC-89F9-66F322678D06} folder moved successfully.
C:\Users\Jason\AppData\Local\{1CADE3EB-34F6-449D-80B5-23C0CB3FB709} folder moved successfully.
C:\Users\Jason\AppData\Local\{8C73D8E3-1AF8-43DA-9D27-BCB21B96C650} folder moved successfully.
C:\Users\Jason\AppData\Local\{A59657F8-FBAD-4DD6-85CF-174F4440DC0E} folder moved successfully.
C:\Users\Jason\AppData\Local\{523CE90E-C3B0-45D2-93D9-4C1AFDAE7BFD} folder moved successfully.
C:\Users\Jason\AppData\Local\{799E70E0-933D-45BB-8F20-516C87506E86} folder moved successfully.
C:\Users\Jason\AppData\Local\{ED936093-C80F-4BA0-8094-6B3C8BDC0F72} folder moved successfully.
C:\Users\Jason\AppData\Local\{7A15C09A-6AF9-41AA-8FD1-123DF960EEA7} folder moved successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_152309

Edited by pcSOslow, 02 August 2011 - 09:25 AM.
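The confirmation asked for in post #10 can be automated by matching every GUID named in the fix script against the result log. This is an added example, not part of the thread and not OTL's own code; the function names and the sample GUIDs and paths are constructed for illustration, and only the two result phrasings visible in the log above are recognised.

```python
import re

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Only the two result phrasings that appear in the log posted in this thread.
OUTCOMES = (("moved successfully.", "removed"), ("not found.", "absent"))

# Constructed samples in the format of the fix script and log above.
FIX_SCRIPT = r'''
:otl
O33 - MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell - "" = AutoRun
O4 - HKU\S-1-5-21-0-0-0-1000..\Run: [{22222222-AAAA-BBBB-CCCC-000000000002}] File not found
[2011/08/02 05:53:52 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Local\{33333333-AAAA-BBBB-CCCC-000000000003}
[2011/08/01 16:16:47 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Local\{44444444-AAAA-BBBB-CCCC-000000000004}
'''
FIX_LOG = r'''
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\ not found.
Registry value HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{22222222-AAAA-BBBB-CCCC-000000000002} not found.
C:\Users\Example\AppData\Local\{33333333-AAAA-BBBB-CCCC-000000000003} folder moved successfully.
'''

def script_targets(script):
    """GUIDs named by the fix script, in order, lower-cased, without duplicates."""
    seen = []
    for line in script.splitlines():
        m = GUID.search(line)
        if m and m.group().lower() not in seen:
            seen.append(m.group().lower())
    return seen

def log_outcomes(log):
    """Map each GUID in the result log to the set of outcomes reported for it."""
    found = {}
    for line in log.splitlines():
        m = GUID.search(line)
        if not m:
            continue
        for suffix, label in OUTCOMES:
            if line.rstrip().endswith(suffix):
                found.setdefault(m.group().lower(), set()).add(label)
    return found

def confirm(script, log):
    """Status per fix target: 'removed', 'absent', or 'unconfirmed'."""
    outcomes = log_outcomes(log)
    status = {}
    for guid in script_targets(script):
        seen = outcomes.get(guid, set())
        status[guid] = ("removed" if "removed" in seen
                        else "absent" if seen else "unconfirmed")
    return status

if __name__ == "__main__":
    for guid, state in confirm(FIX_SCRIPT, FIX_LOG).items():
        print(f"{state:12} {guid}")
```

A target reported as "absent" was already gone when the fix ran, which is what a second run after an interrupted first run would show; "unconfirmed" means the log has no line for that target and it should be checked by hand.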


#12 Farbar

Posted 02 August 2011 - 10:03 AM

It looks good.

To make sure, please check if the entry is gone from the Startup of the System Configuration Utility.

#13 Farbar

Posted 06 August 2011 - 05:54 AM

Do you still need assistance, or can we close the topic?

#14 pcSOslow

Posted 06 August 2011 - 12:22 PM

Hello,

Sorry for the late reply, have had a lot on my plate over the last few days.

It all seems to be working ok now and the entry in the startup in msconfig is not there anymore.

No more surprise popups about viruses or anything, and the pc is starting up and ready to use within 30 seconds, unlike before, when it took over 2 minutes.

Is there anything else that I need to do? If not, then this thread can be closed.

Thank you to all that helped with this fix.

#15 Farbar

Posted 06 August 2011 - 05:32 PM

Hi,

It looks good.

  • Please run OTL.
    • Click the Clean Up button.
    • Accept any prompts.
    • This will remove OTL, and will require a reboot.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After it has finished, press "Close".
Happy surfing. :)



