Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't unhide my files


  • This topic is locked This topic is locked
18 replies to this topic

#1 tomm3289

tomm3289

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 07 December 2011 - 01:01 AM

I've tried everything I can and would very much appreciate some help getting my computer up and running. I've run rkill, malwarebytes, unhider, and just about every tool I can and still the same thing happens. I just finished running OTL and will post it for someone to review. Any help would be much appreciated. Also, for some reason I can not disable my Prevx 3.0. It continues to run in the tak manger, but it will not scan my computer. Thank you in advance. Tom J.

OTL Extras logfile created on: 12/6/2011 6:49:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 37.61% Memory free
2.09 Gb Paging File | 1.09 Gb Available in Paging File | 52.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 58.41 Gb Free Space | 52.25% Space Free | Partition Type: NTFS

Computer Name: NEW-D9C3CAAAB78 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"2440:TCP" = 2440:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\MP3Suite\MP3Suite.exe" = C:\Program Files\MP3Suite\MP3Suite.exe:*:Enabled:MP3Suite -- (MP3Suite, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114075133}" = 3-D Ultra Minigolf Adventures Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114852710}" = Westward II Heroes of the Frontier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114945627}" = Family Feud 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8653730A-683D-4C42-BB18-6471291D5DEA}" = Canon MP Navigator 1.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73B}" = IBM Lotus Forms Viewer 3.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Cameras 9.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}" = Canon MP Drivers 7.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}" = ArcSoft PhotoStudio 5.5
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD963B12-31DE-4881-A936-A60754E4AC1F}_is1" = Harry Potter Design Gallery version 1.1
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"AbiWord2" = AbiWord 2.6.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_6" = AIM 6
"AVG" = AVG 2012
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Email Notifier" = Email Notifier for toolbars
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FrostWire" = FrostWire 4.21.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LimeWire" = LimeWire 5.1.2
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP3Suite" = MP3Suite
"MPlayer" = MPlayer (remove only)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"oovootoolbar" = ooVoo Toolbar
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PCSI" = Prevx
"Picasa 3" = Picasa 3
"Pixillion" = Pixillion Image Converter
"PROSet" = Intel® PRO Network Adapters and Drivers
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VGA USB Camera" = VGA USB Camera
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualDub" = VirtualDub (remove only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebBrowser4Widgets" = WebBrowser4Widgets by Central Topic
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 12/6/2011 6:49:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 37.61% Memory free
2.09 Gb Paging File | 1.09 Gb Available in Paging File | 52.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 58.41 Gb Free Space | 52.25% Space Free | Partition Type: NTFS

Computer Name: NEW-D9C3CAAAB78 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 12:41:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
PRC - [2011/12/05 11:05:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\exefix_xp.com
PRC - [2011/11/02 17:24:11 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/10/01 14:27:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/27 00:01:05 | 006,416,120 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/13 03:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 11:05:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\exefix_xp.com
MOD - [2011/11/20 18:08:53 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/01 14:27:02 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/02 17:24:11 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/27 00:01:05 | 006,416,120 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/04/06 10:50:15 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 03:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/06 13:17:39 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/06 12:54:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5F730C0-2C82-435B-94C6-E3D53B3F97F5}\MpKsl877a8e85.sys -- (MpKsl877a8e85)
DRV - [2011/12/06 12:42:59 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5F730C0-2C82-435B-94C6-E3D53B3F97F5}\MpKsldf5c9405.sys -- (MpKsldf5c9405)
DRV - [2011/12/06 05:59:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5F730C0-2C82-435B-94C6-E3D53B3F97F5}\MpKslbebd8f98.sys -- (MpKslbebd8f98)
DRV - [2011/12/05 20:17:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5F730C0-2C82-435B-94C6-E3D53B3F97F5}\MpKsl0c803b06.sys -- (MpKsl0c803b06)
DRV - [2011/11/02 17:24:07 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/11/02 17:24:07 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/11/27 00:01:06 | 000,076,696 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/11/27 00:01:06 | 000,032,008 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/11/27 00:01:05 | 000,026,096 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/22 12:14:45 | 000,021,638 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/03/18 05:10:48 | 000,031,264 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2007/06/28 14:19:36 | 000,157,024 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma730c.sys -- (Ma730c)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 09:42:16 | 000,103,680 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730Pt.sys -- (Ma730Pt)
DRV - [2007/01/26 17:48:44 | 000,050,522 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2007/01/26 16:32:40 | 000,021,851 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730VaA.sys -- (Ma730VaA)
DRV - [2006/03/14 03:34:04 | 000,028,384 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PA30E4Z1.sys -- (GG9V4AC9)
DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/19 04:07:50 | 000,541,548 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/11 07:54:14 | 000,391,424 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/25 16:00:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npgametaptool,version=1.0: C:\Program Files\GameTap\bin\Release\npgametaptool.dll (Turner Broadcasting System, Inc. ("TBS"))
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\user\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay Games\nplplaypop.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/03 13:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 14:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 15:51:31 | 000,000,000 | ---D | M]

[2011/05/30 18:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2011/12/03 20:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\71lsjbh2.default\extensions
[2011/12/03 20:42:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\71lsjbh2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/09 17:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/09 17:59:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/30 12:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/09 18:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/09 18:12:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/03 13:30:07 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/05/18 12:12:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 23:20:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 14:27:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/10/01 14:26:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/06 12:42:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll (IBM Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75411.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://200.9.36.138:82/wg_webeye.cab (Web Camera Server Control)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://www.delreyhotel.com/english/key_largo_bar/webcam/plugin/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{832C16C9-50B0-4B01-B6F9-714EFFE15BDB}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/16 14:54:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 20:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Unity
[2011/12/06 20:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Unity
[2011/12/06 12:42:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/06 12:40:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/12/05 20:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011/12/05 20:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Uniblue
[2011/12/05 20:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/12/05 20:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\PackageAware
[2011/12/05 19:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/05 18:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\AVG
[2011/12/05 18:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/12/05 17:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2011/12/05 13:10:01 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Documents and Settings\Tom\Desktop\unhider.exe
[2011/12/05 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2011/12/04 20:36:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tom\My Documents\My Videos
[2011/12/03 20:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Apple Computer
[2011/12/03 13:52:49 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/03 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/03 13:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/03 13:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/03 13:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/03 13:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/03 12:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/12/02 16:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Downloads
[2011/11/24 16:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/20 15:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\LivingPlay Games
[2007/06/24 16:50:28 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/06 21:27:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1561FB3-EC1E-49A7-A511-6BCFBAD960A5}.job
[2011/12/06 21:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/06 21:17:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1482476501-682003330-1004UA.job
[2011/12/06 21:12:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 12:59:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/06 12:55:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 12:54:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 12:54:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/06 12:42:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/06 12:41:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2011/12/06 09:48:24 | 111,503,533 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/06 06:17:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1482476501-682003330-1004Core.job
[2011/12/05 20:13:31 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/05 18:55:18 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/12/05 18:55:18 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\AVG PC Tuneup 2011.lnk
[2011/12/05 12:02:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 11:12:06 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Documents and Settings\Tom\Desktop\unhider.exe
[2011/12/05 11:05:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\exefix_xp.com
[2011/12/05 11:05:16 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\exefix_xp.com
[2011/12/03 13:30:08 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/29 21:24:21 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~Ce37LKHSzT82JD
[2011/11/29 21:24:21 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~Ce37LKHSzT82JDr
[2011/11/29 21:24:13 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ce37LKHSzT82JD
[2011/11/26 11:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/24 22:51:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/10 23:41:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/08 19:40:47 | 000,477,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 19:40:47 | 000,085,058 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/06 09:48:24 | 111,503,533 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/05 20:17:25 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/05 20:13:31 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/05 20:08:52 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/05 18:55:18 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/12/05 18:55:18 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\AVG PC Tuneup 2011.lnk
[2011/12/05 13:12:09 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\exefix_xp.com
[2011/12/05 13:10:07 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\exefix_xp.com
[2011/12/05 12:02:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 13:30:08 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/29 21:24:21 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Ce37LKHSzT82JD
[2011/11/29 21:24:21 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Ce37LKHSzT82JDr
[2011/11/29 21:24:13 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ce37LKHSzT82JD
[2011/11/20 15:19:05 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/30 13:13:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/30 13:13:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/30 13:13:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/30 13:13:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/29 22:28:58 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17620772r
[2011/05/29 22:28:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17620772
[2011/05/29 22:28:51 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17620772
[2011/05/02 17:06:20 | 000,014,524 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jy77wl2qt75ey7lij6vb8isfomw8c61b7jtc4r8yd5xbq
[2010/10/11 19:39:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/19 04:55:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/18 00:01:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/17 23:40:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/12/17 23:40:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/17 13:19:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/12/17 13:19:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/12/17 13:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/12/17 13:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/12/17 13:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/12/17 13:19:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/12/17 13:03:21 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/12/12 11:25:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/10/03 15:36:25 | 000,044,612 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/27 18:34:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/14 12:39:59 | 000,019,517 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/02/24 21:16:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2009/02/24 21:15:47 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/02/24 21:15:43 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2009/02/24 21:15:43 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/02/24 21:15:43 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/02/24 21:15:43 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/12/29 20:41:45 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/19 11:12:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/05/15 22:19:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/03/28 22:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MessageExe.INI
[2008/02/22 12:29:07 | 000,000,085 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008/02/03 21:12:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/26 15:19:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/11/24 18:09:50 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/11/08 22:49:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2007/11/03 10:22:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/11/03 10:13:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/11/03 10:13:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007/11/03 10:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/11/03 10:07:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VideoExe.INI
[2007/10/07 19:56:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2007/10/07 19:56:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2007/10/07 19:56:37 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/12 13:49:08 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/06/12 13:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/04/28 10:31:56 | 000,020,798 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 19:29:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/20 13:25:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/03/16 15:28:14 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/16 15:20:23 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/03/16 14:56:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/16 14:51:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/16 05:38:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/16 05:36:56 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,477,584 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,085,058 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/21 21:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\201F
[2009/07/31 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/12/03 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/12/17 23:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/06/12 17:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/07/03 22:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2011/12/03 13:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/20 19:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Defender Pro
[2011/04/30 15:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008/10/25 14:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/08/11 13:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2008/05/14 13:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/03/30 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/12/06 09:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/06/29 23:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2009/09/28 18:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/11/21 12:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/07/29 17:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/11/20 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/01/17 19:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/05/19 11:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/10/09 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/02/05 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/05 21:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/22 14:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/01/30 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/07/31 20:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/05 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/08/31 13:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/04/21 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/23 17:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/05 20:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011/12/05 18:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG
[2011/12/05 17:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2011/07/01 22:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ICAClient
[2011/07/01 23:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\oovootoolbar
[2011/12/05 20:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Uniblue
[2011/12/06 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Unity
[2011/07/01 23:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Windows Search
[2011/12/06 12:59:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/06 21:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/12/06 21:27:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1561FB3-EC1E-49A7-A511-6BCFBAD960A5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7ADF62E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AE6CC6C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E9307D7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC174F28
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F

< End of report >

Edited by boopme, 07 December 2011 - 10:36 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 12 December 2011 - 01:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431130 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 13 December 2011 - 01:01 AM

I believe I acquired the windows defender virus. I've tried malwarebytes, avg, unhider, rkill, and just about every program I can find to fix my computer. My Prevx3.0 seems to be froze, and the new norton antivirus I installed doesnt seem to help. It did not allow me to run the gmer saying there was a trojan virus in it. I finally did get it to run but an error came up, so it doesnt look like it scanned everything. Hopefully what I got you will help some. ThanksAttached File  log 1.txt   31.18KB   2 downloads

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 13 December 2011 - 10:34 AM

Hello tomm3289,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 13 December 2011 - 02:47 PM

Hello again. I can not run combofix. It says I can not save it because I can not change the name of the folder. I'm sending along the logs you requested.Attached File  TDSSKiller.2.6.23.0_13.12.2011_09.23.30_log.txt   64.59KB   1 downloads

#6 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 13 December 2011 - 03:05 PM

This is the dialogue box after I try and run combofix.C:\Documents and Settings\Tom\My Documents\Downloads\ComboFix.exe could not be saved, because an unknown error occurred.

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 13 December 2011 - 03:57 PM

Hello try this

If this doesn't work try running Combofix in Safemode


Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.


Download and Rename Combofix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below. You must rename it 1234.scr before saving it to your desktop.

Link 1
Link 2


Posted Image


Posted Image
--------------------------------------------------------------------
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on 1234.scr & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 16 December 2011 - 10:47 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 17 December 2011 - 05:56 PM

Hello again. I'm still here. Just been out of town for a few day's. Finally got the combofix to run and am including the log. Thanks for the helpAttached File  combo log.txt   26.61KB   1 downloads

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 18 December 2011 - 10:58 PM

Hello,

We need to check for a certain infection.

Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 21 December 2011 - 12:41 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 21 December 2011 - 11:43 PM

Here is latest scan. thanks

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 22 December 2011 - 01:14 AM

Here is latest scan. thanks


Where is the scan results?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 tomm3289

tomm3289
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 23 December 2011 - 08:19 PM

Hello again. The file is to big. I tried to compress it...not an expert at it...but the smallest I could get it to was 3mb, and it's still to big to attach. Do you know a different way I can get this file smaller? thanks again

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:46 PM

Posted 24 December 2011 - 01:46 AM

Hello,

Use multiple posts to post the log if necessary.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users