AntiSpyware Soft is back.

Post by TrIggA on Sat May 01, 2010 5:24 pm

Well, I had the same problem before; I had it fixed by Belahzur. This is a bit different: I can't open programs, but it doesn't redirect me to any site when I go to a certain one. Anyway, I can disable it for a session by ending the process before it fully loads. I've run Malwarebytes, OldTimer Temp File Cleaner, OTL, and now I'm going to run ESET Online Scanner and ComboFix.exe, as I was told to previously. I'll post all the logs here. Thanks in advance.

TrIggA
Novice

Posts: 27
Joined: 2010-02-10
Gender: Male
OS: Windows XP Professional, SP3
Protection: AVG Free, Malwarebytes' Anti-Malware
Points: 25311
Likes: 0


Re: AntiSpyware Soft is back.

Post by TrIggA on Sat May 01, 2010 5:53 pm

Logs:

ComboFix -

ComboFix 10-04-30.03 - Josh 05/01/2010 13:29:06.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2497 [GMT -4:00]
Running from: c:\documents and settings\Josh\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 12:47 . 2010-05-01 12:47 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv
2010-04-13 12:16 . 2010-04-13 12:16 -------- d-----w- c:\documents and settings\Nicole.PRATT\Application Data\Apple Computer
2010-04-10 17:47 . 2010-04-10 17:47 -------- d-----w- c:\program files\iPod
2010-04-10 17:46 . 2010-04-10 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 17:44 . 2010-04-10 17:44 -------- d-----w- c:\program files\QuickTime
2010-04-10 17:40 . 2010-04-10 17:40 -------- d-----w- c:\program files\Bonjour
2010-04-09 20:47 . 2010-04-09 20:47 -------- d-----w- C:\users
2010-04-09 20:45 . 2010-04-09 20:45 -------- d-----w- c:\program files\Common Files\Softimage
2010-04-09 20:44 . 2009-04-06 21:08 57344 ------w- c:\windows\system32\XSIChooser.exe
2010-04-09 20:43 . 2010-04-09 20:44 -------- d-----w- C:\SoftImage
2010-04-09 20:42 . 2010-04-09 20:42 -------- d-----w- c:\program files\SoftImage
2010-04-09 20:40 . 2010-04-09 20:40 -------- d-----w- c:\documents and settings\Josh\Application Data\InstallShield
2010-04-08 21:25 . 2010-04-08 21:25 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\Yahoo!
2010-04-04 03:47 . 2010-04-04 03:47 36120 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-04-04 03:47 . 2010-04-04 03:47 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 15:10 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-01 15:10 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-15 01:36 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 01:23 . 2009-08-16 22:52 -------- d-----w- c:\program files\Electronic Arts
2010-04-15 01:23 . 2009-03-26 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 01:23 . 2010-04-15 01:23 0 ----a-w- c:\documents and settings\Josh\_r_a_p_.tmp
2010-04-13 00:09 . 2009-10-31 03:42 -------- d-----w- c:\program files\Google
2010-04-10 17:47 . 2010-02-19 12:03 -------- d-----w- c:\program files\iTunes
2010-04-10 17:47 . 2009-11-26 01:12 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 23:48 . 2010-03-09 20:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-27 01:59 . 2009-07-25 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-17 21:27 . 2010-01-13 02:14 122668 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 02:16 . 2009-03-26 22:40 170400 ----a-w- c:\documents and settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 00:45 . 2009-12-24 15:15 -------- d-----w- c:\documents and settings\Josh\Application Data\TS3Client
2010-03-12 00:13 . 2009-03-26 21:30 170400 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 22:39 . 2010-03-11 19:56 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-11 19:56 . 2009-03-26 22:35 138056 ----a-w- c:\documents and settings\Josh\Application Data\PnkBstrK.sys
2010-03-11 19:56 . 2009-03-26 22:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-11 12:05 . 2009-05-06 23:47 -------- d-----w- c:\program files\EA GAMES
2010-03-11 01:45 . 2009-03-27 00:05 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-11 01:45 . 2010-03-11 01:45 -------- d-----w- c:\documents and settings\Josh\Application Data\SystemRequirementsLab
2010-03-10 19:50 . 2010-03-10 19:46 -------- d-----w- c:\program files\WinSCP
2010-03-09 11:09 . 2003-03-31 12:00 430080 ------w- c:\windows\system32\vbscript.dll
2010-03-07 13:11 . 2009-04-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-04 01:21 . 2010-03-04 01:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-04 01:20 . 2009-10-06 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-03-03 01:12 . 2009-07-25 19:53 -------- d-----w- c:\documents and settings\Josh\Application Data\BitTorrent
2010-03-02 23:56 . 2010-02-24 22:49 -------- d-----w- c:\documents and settings\Marge\Application Data\Apple Computer
2010-03-02 20:37 . 2010-03-02 20:37 -------- d-----w- c:\program files\ESET
2010-02-26 05:43 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-04-15 1238352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"sjtgnvgn"="c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe" [2010-05-01 270080]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Xfire\\Xfire.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Bittorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Sony Vegas\\Actual\\VegSrv80.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\srcds\\CSS\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\ground_zero.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\reckoning.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\SoftImage\\Softimage_Mod_Tool_7.5\\Application\\bin\\XSI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman 2 silent assassin\\hitman2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman 2 silent assassin\\config.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman codename 47\\Hitman.Exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman codename 47\\Setup.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 6:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 6:05 PM 108552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 6:38 PM 375296]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 6:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 6:05 PM 297752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 6:04 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 11:42 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 7:48 PM 92800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Josh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-01 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Josh\LOCALS~1\Temp\NOD29E.tmp 33521149 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,b3,8b,20,6d,69,ea,a1,6d,b8,63,54,40,ad,10,73,14,2a,c4,61,95,55,d1,
45,30,81,ee,48,20,ee,9f,04,7d,0b,e1,d3,af,7f,c6,8a,1b,10,f3,19,56,41,37,01,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:53,62,e4,b3,57,aa,a5,21,60,80,be,76,64,fd,84,aa,10,63,0a,a9,6b,
16,bb,43,86,2a,92,2a,5f,b3,5f,68,34,18,b0,fb,9d,66,ca,11,79,f5,80,f1,40,f0,\
"rkeysecu"=hex:9a,e4,aa,18,80,64,ce,fc,21,d2,d3,41,93,f8,2a,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3016)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Completion time: 2010-05-01 13:49:10
ComboFix-quarantined-files.txt 2010-05-01 17:48

Pre-Run: 86,771,286,016 bytes free
Post-Run: 86,731,259,904 bytes free

- - End Of File - - 5BBAA0ACC5A74F77B7C0CCB6D07962D8

Malwarebytes -

Malwarebytes' Anti-Malware 1.44
Database version: 3720
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/1/2010 12:44:31 PM
mbam-log-2010-05-01 (12-44-31).txt

Scan type: Quick Scan
Objects scanned: 170942
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: AntiSpyware Soft is back.

Post by TrIggA on Sat May 01, 2010 5:54 pm

OTL -

Extras:

OTL Extras logfile created on: 5/1/2010 12:57:46 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 80.93 Gb Free Space | 27.15% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRATT
Current User Name: Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)
"C:\Documents and Settings\Josh\My Documents\Xfire\Xfire.exe" = C:\Documents and Settings\Josh\My Documents\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) -- (Splash Damage, Ltd.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\garrysmod\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\garrysmod\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source sdk base\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life deathmatch source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\counter-strike source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Josh\My Documents\Steam\Steam.exe" = C:\Documents and Settings\Josh\My Documents\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life blue shift\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\opposing force\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\opposing force\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress classic\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life 2 deathmatch\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress 2\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\generals.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\generals.exe:*:Enabled:generals -- File not found
"C:\Documents and Settings\Josh\My Documents\Bittorrent\bittorrent.exe" = C:\Documents and Settings\Josh\My Documents\Bittorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Josh\My Documents\Sony Vegas\Actual\VegSrv80.exe" = C:\Documents and Settings\Josh\My Documents\Sony Vegas\Actual\VegSrv80.exe:*:Enabled:Sony Vegas Network Render Service Control -- (Sony Pictures Digital Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- File not found
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe:*:Enabled:Renegade -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FarCry2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\id Software\Return to Castle Wolfenstein222\WolfMP.exe" = C:\Program Files\id Software\Return to Castle Wolfenstein222\WolfMP.exe:*:Enabled:WolfMP -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\srcds\orangebox\srcds.exe" = C:\srcds\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"C:\srcds\CSS\srcds.exe" = C:\srcds\CSS\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy dedicated server\srcds.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy dedicated server\srcds.exe:*:Enabled:srcds -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\Winquake.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\Winquake.exe:*:Enabled:Quake -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\qwcl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\qwcl.exe:*:Enabled:Quake -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\Glquake.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\Glquake.exe:*:Enabled:Quake -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\glqwcl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake\glqwcl.exe:*:Enabled:Quake -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\quake2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\quake2.exe:*:Enabled:Quake II -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\ground_zero.bat" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\ground_zero.bat:*:Enabled:Quake II: Ground Zero -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\reckoning.bat" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 2\reckoning.bat:*:Enabled:Quake II: The Reckoning -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 3 arena\quake3.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\quake 3 arena\quake3.exe:*:Enabled:Quake III Arena -- ()
"C:\SoftImage\Softimage_Mod_Tool_7.5\Application\bin\XSI.exe" = C:\SoftImage\Softimage_Mod_Tool_7.5\Application\bin\XSI.exe:*:Enabled:XSI -- (Autodesk, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman 2 silent assassin\hitman2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman 2 silent assassin\hitman2.exe:*:Enabled:Hitman 2: Silent Assassin -- (IO Interactive)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman 2 silent assassin\config.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman 2 silent assassin\config.exe:*:Enabled:Hitman 2: Silent Assassin -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman codename 47\Hitman.Exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman codename 47\Hitman.Exe:*:Enabled:Hitman: Codename 47 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman codename 47\Setup.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman codename 47\Setup.exe:*:Enabled:Hitman: Codename 47 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman blood money\HitmanBloodMoney.exe:*:Enabled:Hitman: Blood Money -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman blood money\configure.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\hitman blood money\configure.exe:*:Enabled:Hitman: Blood Money -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\day of defeat source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0C9CB04A-5A5A-499E-95FC-F7FA9D70AA8A}" = Autodesk Softimage Mod Tool 7.5
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{38189804-0D18-4469-8BE6-CC16C4E1B2A5}" = WModem_Installer
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}" = Autodesk Softimage Mod Tool 7.5
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747A6A10-DA58-48C2-A1F0-C15514419C8A}" = Hallmark Card Studio 2008
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Blood Harvest Modified" = Blood Harvest Modified
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crash Course 3.2 Installer" = Crash Course 3.2 Installer
"CreataCard Gold 3" = CreataCard Gold 3
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dead Air Modified" = Dead Air Modified
"Death Toll Modified" = Death Toll Modified
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Free iPod Video Converter_is1" = Free iPod Video Converter V 2.91
"GCFScape_is1" = GCFScape 1.7.2
"Get a Life_is1" = Get a Life Final v1.0
"Half-Life 2 Riot Act" = Half-Life 2 Riot Act 1.0
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hamachi" = Hamachi 1.0.3.0
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"No Mercy Modified" = No Mercy Modified
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1250" = Killing Floor
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17520" = Synergy
"Steam App 19900" = Far Cry 2
"Steam App 205" = Source Dedicated Server
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 2200" = Quake III Arena
"Steam App 2310" = Quake
"Steam App 2320" = Quake II
"Steam App 2330" = Quake II: The Reckoning
"Steam App 2340" = Quake II: Ground Zero
"Steam App 2350" = Quake III: Team Arena
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 280" = Half-Life: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 513" = Left 4 Dead Authoring Tools Beta
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6860" = Hitman: Blood Money
"Steam App 6900" = Hitman: Codename 47
"Steam App 70" = Half-Life
"Steam App 9030" = Quake Mission Pack 2: Dissolution of Eternity
"Steam App 9040" = Quake Mission Pack 1: Scourge of Armagon
"SunEdit 2K Beta 7.2" = SunEdit 2K Beta 7.2
"SvenCoop" = Sven Co-op 4.0B
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = SMT5800VW User Manual
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worldcraft 3" = Worldcraft 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XCC Utilities" = XCC Utilities 1.46
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"ShockWave V0.95" = ShockWave V0.95
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2010 3:51:34 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/13/2010 3:51:34 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/13/2010 3:51:34 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/25/2010 9:06:48 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/25/2010 9:06:49 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/25/2010 9:06:49 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/25/2010 9:06:49 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/25/2010 9:06:49 PM | Computer Name = PRATT | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/1/2010 10:00:54 AM | Computer Name = PRATT | Source = Application Hang | ID = 1002
Description = Hanging application yfufjxttssd.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2010 1:03:04 PM | Computer Name = PRATT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

[ System Events ]
Error - 4/8/2010 5:07:14 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.


< End of report >

Re: AntiSpyware Soft is back.

Post by TrIggA on Sat May 01, 2010 5:55 pm

OTL:

OTL logfile created on: 5/1/2010 12:57:46 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 80.93 Gb Free Space | 27.15% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRATT
Current User Name: Josh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/01 12:55:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 14:53:33 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/13 08:29:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/11/06 08:58:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/08/28 08:03:36 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 08:03:36 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:03:34 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 08:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/28 08:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 12:50:00 | 000,110,936 | ---- | M] (TODO: ) -- C:\Program Files\Creative Home\Hallmark Card Studio 2008\Planner\PLNRnote.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/01 12:55:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/08/28 08:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 08:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/28 08:03:36 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 08:03:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/29 23:36:35 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/01 09:23:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/10 13:33:58 | 000,048,640 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/12 15:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 18:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/27 18:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp) HTC Diagnostic Port (PID 0B03)
DRV - [2004/08/14 04:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 09:53:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/04 13:05:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 13:44:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/10 13:44:17 | 000,000,000 | ---D | M]

[2009/03/26 17:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/04/30 14:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions
[2010/04/28 15:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/16 12:49:03 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/03/06 01:14:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/01 08:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [sjtgnvgn] C:\Documents and Settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\documents and settings\josh\my documents\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk = C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/26 17:58:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 20:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/01 13:01:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/01 13:01:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/01 13:01:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/01 13:01:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/01 12:42:15 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/27 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\Hitman Blood Money
[2010/04/15 15:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\dumps
[2010/04/14 21:20:07 | 163,984,087 | ---- | C] (Acresso Software Inc.) -- C:\Documents and Settings\Josh\Desktop\worldtool.exe
[2010/04/10 13:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/10 13:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/10 13:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/10 13:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/09 16:47:01 | 000,000,000 | ---D | C] -- C:\users
[2010/04/09 16:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softimage
[2010/04/09 16:43:06 | 000,000,000 | ---D | C] -- C:\SoftImage
[2010/04/09 16:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\SoftImage
[2010/04/09 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\InstallShield
[2010/04/09 16:12:11 | 466,912,227 | ---- | C] (Softimage ) -- C:\Documents and Settings\Josh\Desktop\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe
[2010/04/03 23:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\hlss
[2010/04/03 13:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\my_voiceover
[2010/04/01 20:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\L4D2_Sounds
[1 C:\Documents and Settings\Josh\*.tmp files -> C:\Documents and Settings\Josh\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/01 13:02:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/01 12:48:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/01 12:48:07 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
[2010/05/01 12:48:04 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/01 12:47:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/01 12:47:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/01 12:46:13 | 023,855,104 | -H-- | M] () -- C:\Documents and Settings\Josh\ntuser.dat
[2010/05/01 12:46:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Josh\ntuser.ini
[2010/05/01 12:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 11:10:29 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/01 09:06:57 | 059,471,543 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 21:06:46 | 002,117,500 | -H-- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\IconCache.db
[2010/04/24 16:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/22 20:37:52 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Hitman Codename 47.url
[2010/04/22 20:37:52 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Hitman Blood Money.url
[2010/04/22 20:37:52 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Hitman 2 Silent Assassin.url
[2010/04/19 05:42:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/17 20:56:16 | 000,011,079 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\Saint Research Paper.docx
[2010/04/17 20:18:27 | 000,011,453 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\Letter to the Bishop.docx
[2010/04/16 15:23:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/14 21:36:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 21:24:10 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/04/14 21:22:33 | 163,984,087 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Josh\Desktop\worldtool.exe
[2010/04/13 20:07:06 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/12 20:09:20 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/10 13:44:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/10 00:06:50 | 003,325,440 | R--- | M] () -- C:\Documents and Settings\Josh\Desktop\YouTube- Don't tell Locke what he can't can't do!.mp3
[2010/04/09 21:45:55 | 000,262,162 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\notaspy.tga
[2010/04/09 16:46:55 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Softimage_Mod_Tool_7.5.lnk
[2010/04/09 16:39:28 | 466,912,227 | ---- | M] (Softimage ) -- C:\Documents and Settings\Josh\Desktop\setup_XSIDEMO_Mod Tool_7_5_203_win32.exe
[2010/04/03 23:47:24 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\dBpowerAMP Music Converter.lnk
[2010/04/03 23:47:24 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\dMC Audio CD Input.lnk
[2010/04/03 23:47:21 | 000,036,120 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/04/03 23:47:20 | 000,131,072 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/04/03 23:46:41 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
[2010/04/02 16:16:53 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Josh\*.tmp files -> C:\Documents and Settings\Josh\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 13:01:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/01 13:01:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/01 13:01:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/01 13:01:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/01 13:01:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/22 20:37:52 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Hitman Codename 47.url
[2010/04/22 20:37:52 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Hitman Blood Money.url
[2010/04/22 20:37:52 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Hitman 2 Silent Assassin.url
[2010/04/17 20:56:16 | 000,011,079 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\Saint Research Paper.docx
[2010/04/17 20:12:43 | 000,011,453 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\Letter to the Bishop.docx
[2010/04/14 21:24:10 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Create a World Tool - Beta.lnk
[2010/04/12 20:09:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/10 13:47:39 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/10 13:44:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/10 00:06:50 | 003,325,440 | R--- | C] () -- C:\Documents and Settings\Josh\Desktop\YouTube- Don't tell Locke what he can't can't do!.mp3
[2010/04/09 21:45:20 | 000,262,162 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\notaspy.tga
[2010/04/09 16:45:53 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Softimage_Mod_Tool_7.5.lnk
[2010/04/09 16:44:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\XSIChooser.exe
[2010/04/03 23:47:24 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\dBpowerAMP Music Converter.lnk
[2010/04/03 23:47:24 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\dMC Audio CD Input.lnk
[2010/04/03 23:47:21 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp
[2010/04/03 23:47:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/04/03 23:47:20 | 000,036,120 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/02/10 23:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/16 15:20:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/01/16 15:20:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/01/16 15:20:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/01/16 15:20:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/01/16 15:20:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/01/16 15:20:49 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/10/14 16:00:30 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/24 09:47:53 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 09:47:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/29 23:24:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/29 21:43:58 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/10 21:18:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/10 10:38:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/10 09:45:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/04/23 17:55:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/26 20:51:23 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/03/26 18:35:35 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/26 18:04:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/26 18:04:15 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >


Sorry it took so many posts, but I have everything (except ESET Online Scanner, which, thus far, has found 1 virus, "Eicar test file").


Re: AntiSpyware Soft is back.

Post by Belahzur on Sat May 01, 2010 6:37 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Folder::
    c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sjtgnvgn"=-

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

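A triage check for the two kinds of entry the CFScript above removes (a Run value and a loopback ProxyServer setting), added here as an example; it is not part of the original posts and not ComboFix's own logic. The sample log is constructed in the line formats seen in this thread, and the data path given for "sjtgnvgn" and the user-writable-path heuristic are assumptions.

```python
import re

# Constructed sample in the ComboFix "Reg Loading Points" and DDS line formats
# seen in this thread. Assumption: the thread gives the Run value name
# "sjtgnvgn" and the deleted file separately; pairing them here is illustrative.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-04-15 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"sjtgnvgn"="c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe"
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]

uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S.*)$', re.I)

# Heuristic (assumption): autostart targets inside per-user data or temp
# directories deserve a manual look. Short 8.3 paths are not expanded.
USER_WRITABLE = ('\\application data\\', '\\local settings\\temp\\')


def run_entries(text):
    """Yield (key, value_name, data) for values listed under a ...\\Run key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends the current key's value list
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith('\\currentversion\\run'):
            yield key, m.group(1), m.group(2)


def suspicious_run_entries(text):
    """Return (value_name, data) pairs whose target sits in a user-writable path."""
    return [(name, data) for _, name, data in run_entries(text)
            if any(marker in data.lower() for marker in USER_WRITABLE)]


def loopback_proxies(text):
    """Return (host, port) for every ProxyServer entry that points at loopback."""
    hits = []
    for raw in text.splitlines():
        m = PROXY_RE.match(raw.strip())
        if not m:
            continue
        # The value is "host:port" or "http=host:port;https=host:port".
        for part in m.group(1).split(';'):
            endpoint = part.split('=', 1)[-1].strip()
            endpoint = re.sub(r'^[a-z]+://', '', endpoint, flags=re.I)
            host, _, port = endpoint.partition(':')
            if host.lower() == 'localhost' or host.startswith('127.'):
                hits.append((host, int(port) if port.isdigit() else None))
    return hits


def triage(text):
    """Collect both checks into one report for a pasted log."""
    return {
        'run_in_user_writable_path': suspicious_run_entries(text),
        'loopback_proxy': loopback_proxies(text),
    }


if __name__ == '__main__':
    for check, findings in triage(SAMPLE_LOG).items():
        for finding in findings:
            print(check, finding)
```

A hit is only a prompt for manual review: legitimate software also installs under Application Data, and some local filtering tools set a loopback proxy.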

Re: AntiSpyware Soft is back.

Post by TrIggA on Sat May 01, 2010 11:34 pm

Thanks, the virus itself was the "yfufjxttssd.exe." I had to end that process before I could use the computer. I think it's gone, but you guys are the judge of that.

Anyway, here it is:

ComboFix 10-05-01.02 - Josh 05/01/2010 18:35:07.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2700 [GMT -4:00]
Running from: c:\documents and settings\Josh\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv
c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 22:30 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-05-01 22:30 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-04-13 12:16 . 2010-04-13 12:16 -------- d-----w- c:\documents and settings\Nicole.PRATT\Application Data\Apple Computer
2010-04-10 17:47 . 2010-04-10 17:47 -------- d-----w- c:\program files\iPod
2010-04-10 17:46 . 2010-04-10 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 17:44 . 2010-04-10 17:44 -------- d-----w- c:\program files\QuickTime
2010-04-10 17:40 . 2010-04-10 17:40 -------- d-----w- c:\program files\Bonjour
2010-04-09 20:47 . 2010-04-09 20:47 -------- d-----w- C:\users
2010-04-09 20:45 . 2010-04-09 20:45 -------- d-----w- c:\program files\Common Files\Softimage
2010-04-09 20:44 . 2009-04-06 21:08 57344 ------w- c:\windows\system32\XSIChooser.exe
2010-04-09 20:43 . 2010-04-09 20:44 -------- d-----w- C:\SoftImage
2010-04-09 20:42 . 2010-04-09 20:42 -------- d-----w- c:\program files\SoftImage
2010-04-09 20:40 . 2010-04-09 20:40 -------- d-----w- c:\documents and settings\Josh\Application Data\InstallShield
2010-04-08 21:25 . 2010-04-08 21:25 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\Yahoo!
2010-04-04 03:47 . 2010-04-04 03:47 36120 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-04-04 03:47 . 2010-04-04 03:47 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 21:15 . 2009-03-26 22:40 170400 ----a-w- c:\documents and settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 15:10 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-01 15:10 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-15 01:36 . 2009-08-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 01:23 . 2009-08-16 22:52 -------- d-----w- c:\program files\Electronic Arts
2010-04-15 01:23 . 2009-03-26 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 01:23 . 2010-04-15 01:23 0 ----a-w- c:\documents and settings\Josh\_r_a_p_.tmp
2010-04-13 00:09 . 2009-10-31 03:42 -------- d-----w- c:\program files\Google
2010-04-10 17:47 . 2010-02-19 12:03 -------- d-----w- c:\program files\iTunes
2010-04-10 17:47 . 2009-11-26 01:12 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 23:48 . 2010-03-09 20:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-27 01:59 . 2009-07-25 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-17 21:27 . 2010-01-13 02:14 122668 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-15 00:45 . 2009-12-24 15:15 -------- d-----w- c:\documents and settings\Josh\Application Data\TS3Client
2010-03-12 00:13 . 2009-03-26 21:30 170400 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 22:39 . 2010-03-11 19:56 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-11 19:56 . 2009-03-26 22:35 138056 ----a-w- c:\documents and settings\Josh\Application Data\PnkBstrK.sys
2010-03-11 19:56 . 2009-03-26 22:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-11 12:05 . 2009-05-06 23:47 -------- d-----w- c:\program files\EA GAMES
2010-03-11 01:45 . 2009-03-27 00:05 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-11 01:45 . 2010-03-11 01:45 -------- d-----w- c:\documents and settings\Josh\Application Data\SystemRequirementsLab
2010-03-10 19:50 . 2010-03-10 19:46 -------- d-----w- c:\program files\WinSCP
2010-03-09 11:09 . 2003-03-31 12:00 430080 ------w- c:\windows\system32\vbscript.dll
2010-03-07 13:11 . 2009-04-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-04 01:21 . 2010-03-04 01:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-04 01:20 . 2009-10-06 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-03-03 01:12 . 2009-07-25 19:53 -------- d-----w- c:\documents and settings\Josh\Application Data\BitTorrent
2010-03-02 23:56 . 2010-02-24 22:49 -------- d-----w- c:\documents and settings\Marge\Application Data\Apple Computer
2010-02-26 05:43 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 22:48 . 2010-05-01 22:48 16384 c:\windows\temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-04-15 1238352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Xfire\\Xfire.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Bittorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Sony Vegas\\Actual\\VegSrv80.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\srcds\\orangebox\\srcds.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\srcds\\CSS\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\ground_zero.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 2\\reckoning.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\SoftImage\\Softimage_Mod_Tool_7.5\\Application\\bin\\XSI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman 2 silent assassin\\hitman2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman 2 silent assassin\\config.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman codename 47\\Hitman.Exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman codename 47\\Setup.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 6:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 6:05 PM 108552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 6:38 PM 375296]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 6:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 6:05 PM 297752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 6:04 PM 38656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 11:42 PM 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 7:48 PM 92800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Josh\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-01 19:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,b3,8b,20,6d,69,ea,a1,6d,b8,63,54,40,ad,10,73,14,2a,c4,61,95,55,d1,
45,30,81,ee,48,20,ee,9f,04,7d,0b,e1,d3,af,7f,c6,8a,1b,10,f3,19,56,41,37,01,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:53,62,e4,b3,57,aa,a5,21,60,80,be,76,64,fd,84,aa,10,63,0a,a9,6b,
16,bb,43,86,2a,92,2a,5f,b3,5f,68,34,18,b0,fb,9d,66,ca,11,79,f5,80,f1,40,f0,\
"rkeysecu"=hex:9a,e4,aa,18,80,64,ce,fc,21,d2,d3,41,93,f8,2a,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2432)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-01 19:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 23:27
ComboFix2.txt 2010-05-01 17:49

Pre-Run: 86,695,321,600 bytes free
Post-Run: 86,634,184,704 bytes free

- - End Of File - - 6AC07E60F3126F22A501E6B5AD85E16D


Re: AntiSpyware Soft is back.

Post by Belahzur on Sun May 02, 2010 9:08 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: AntiSpyware Soft is back.

Post by TrIggA on Sun May 02, 2010 11:14 pm

It's great, once again, thanks a bunch Belahzur!


Re: AntiSpyware Soft is back.

Post by Belahzur on Mon May 03, 2010 9:50 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

