WiredWX Hobby Weather Tools

 


Fake Anti Virus

2 posters

My computer, a Windows Vista, got infected with a virus that seems to block programs from accessing, saying that the object is infected and wants to initiate my antivirus software. This also blocks anti virus programs. It will even pop up windows of porn sites. Now, I restarted my computer and was able to activate AntiMalware Bytes, it scanned, and picked up one infection. I removed it, but it still seems to be there. Funnily, the virus will not block my Avast antivirus software and it has eliminated some infections too.

Am I doing the right thing? Is there a better way to eliminate it? I have school papers due in a few days, so I wanna have this issue resolved quickly if possible. My girlfriend recommended you guys, so I could really use some help.

Re: Fake Anti Virus

The virus seems to be some form of the Antispyware Soft program, as it is the 'anti-virus' program they want me to run to 'get rid of' the problems. The viruses it claims to read are "win32, Nugel.E, and Banker Fox.A".

Re: Fake Anti Virus

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one, OTL.txt, will pop up; the other, Extras.txt, will be saved on your Desktop. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Fake Anti Virus

Here is the data

OTL logfile created on: 5/15/2010 5:55:13 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nick F\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.23 Gb Total Space | 61.81 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive D: | 9.81 Gb Total Space | 1.68 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICKF-PC
Current User Name: Nick F
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/15 17:43:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Nick F\Downloads\OTL.exe
PRC - [2010/04/20 23:24:01 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 23:23:58 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 12:04:10 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/01 10:08:24 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/14 09:11:34 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 09:11:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 09:09:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/14 09:09:49 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/10 16:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/09/28 10:05:10 | 000,240,976 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/07/17 11:12:14 | 000,288,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/25 14:26:00 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/02/05 13:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 13:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 13:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 13:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 13:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 15:22:18 | 000,266,240 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/16 08:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/05/21 14:33:32 | 000,530,944 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/14 09:39:22 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
PRC - [2007/12/14 09:39:19 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/12/07 07:37:36 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe
PRC - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 15:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 17:43:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Nick F\Downloads\OTL.exe
MOD - [2010/03/14 09:11:33 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/14 09:11:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 09:09:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/05 13:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 13:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 13:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 13:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 07:37:36 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/12/07 07:37:27 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/13 15:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 23:23:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 09:11:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 09:09:49 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/05 13:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 13:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 13:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/02/05 13:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 13:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/05/03 05:39:00 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 11:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/17 07:07:46 | 000,203,776 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/31 16:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/10/31 18:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 18:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 18:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/02 16:08:14 | 000,017,664 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/23 11:01:12 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cscc.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cscc.edu/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/10/09 23:15:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/16 23:27:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 09:23:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 09:23:42 | 000,000,000 | ---D | M]

[2010/04/02 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Nick F\AppData\Roaming\Mozilla\Extensions
[2010/04/02 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Nick F\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2010/05/14 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\extensions
[2010/04/27 21:36:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 17:01:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/27 21:36:32 | 000,000,000 | ---D | M] -- C:\Users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\extensions\personas@christopher.beard
[2010/03/03 16:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [close delete] C:\ProgramData\Burn Deaf Deaf.qfc File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [tgiuxtca] C:\Users\Nick F\AppData\Local\kkdwqrlei\lmdjtdatssd.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [way math bike enc] C:\ProgramData\funk jugs option.ubu File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nick F\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nick F\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/24 23:20:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68d6e2fa-432d-11de-bbc3-001f1645c259}\Shell - "" = AutoRun
O33 - MountPoints2\{68d6e2fa-432d-11de-bbc3-001f1645c259}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 00:01:54 | 000,000,000 | ---D | C] -- C:\Users\Nick F\AppData\Local\kkdwqrlei
[2010/05/03 15:45:57 | 000,000,000 | ---D | C] -- C:\Users\Nick F\AppData\Roaming\Real
[2009/12/27 23:18:07 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdmhcp.dll
[2009/12/27 23:18:07 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdminpa.dll
[2009/12/27 23:18:06 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdmusb1.dll
[2009/12/27 23:18:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdmiesc.dll
[2009/12/27 23:18:05 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdmserv.dll
[2009/12/27 23:18:05 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdmpmui.dll
[2009/12/27 23:18:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdmprox.dll
[2009/12/27 23:18:04 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdmlmpm.dll
[2009/12/27 23:18:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdmhbn3.dll
[2009/12/27 23:17:59 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdmcomc.dll
[2009/12/27 23:17:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdmcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/05/15 17:56:05 | 003,145,728 | -HS- | M] () -- C:\Users\Nick F\ntuser.dat
[2010/05/15 17:54:06 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/15 17:52:35 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/15 17:52:26 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/15 17:52:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/15 17:52:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 17:52:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 17:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/15 17:51:53 | 2951,020,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 17:50:27 | 000,524,288 | -HS- | M] () -- C:\Users\Nick F\ntuser.dat{9abde0d2-8786-11de-b2b5-001f1645c259}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 17:50:27 | 000,065,536 | -HS- | M] () -- C:\Users\Nick F\ntuser.dat{9abde0d2-8786-11de-b2b5-001f1645c259}.TM.blf
[2010/05/15 17:49:50 | 060,032,049 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/15 17:49:24 | 003,791,406 | -H-- | M] () -- C:\Users\Nick F\AppData\Local\IconCache.db
[2010/05/15 17:48:24 | 000,000,512 | ---- | M] () -- C:\Users\Nick F\Desktop\OTL - Shortcut.lnk
[2010/05/14 23:39:49 | 000,011,483 | ---- | M] () -- C:\Users\Nick F\Documents\Super Smash Bros1.celtx
[2010/05/12 15:41:33 | 000,037,472 | ---- | M] () -- C:\Users\Nick F\AppData\Roaming\wklnhst.dat
[2010/05/12 07:40:47 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNick F.job
[2010/05/07 15:34:13 | 000,002,671 | ---- | M] () -- C:\Users\Nick F\Desktop\Character Creation Utility.lnk
[2010/05/01 22:01:14 | 000,000,680 | ---- | M] () -- C:\Users\Nick F\AppData\Local\d3d9caps.dat
[2010/04/30 08:29:35 | 000,008,409 | ---- | M] () -- C:\Users\Nick F\Documents\LOG SAVER.odt
[2010/04/28 21:53:33 | 000,331,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/21 11:39:50 | 000,017,368 | ---- | M] () -- C:\Users\Nick F\Documents\Cutscene~Echoes of Soleanna Intro.rtf
[2010/04/21 11:39:24 | 000,023,261 | ---- | M] () -- C:\Users\Nick F\Documents\Cutscene~Echoes of Soleanna Intro.odt
[2010/04/20 23:23:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/18 09:43:20 | 000,015,344 | ---- | M] () -- C:\Users\Nick F\Documents\Guardians MOVIE.celtx
[2010/04/18 00:58:29 | 000,062,464 | ---- | M] () -- C:\Users\Nick F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/15 17:48:24 | 000,000,512 | ---- | C] () -- C:\Users\Nick F\Desktop\OTL - Shortcut.lnk
[2010/05/14 23:39:49 | 000,011,483 | ---- | C] () -- C:\Users\Nick F\Documents\Super Smash Bros1.celtx
[2010/04/21 11:32:52 | 000,017,368 | ---- | C] () -- C:\Users\Nick F\Documents\Cutscene~Echoes of Soleanna Intro.rtf
[2010/04/21 04:19:32 | 000,023,261 | ---- | C] () -- C:\Users\Nick F\Documents\Cutscene~Echoes of Soleanna Intro.odt
[2010/04/18 09:43:19 | 000,015,344 | ---- | C] () -- C:\Users\Nick F\Documents\Guardians MOVIE.celtx
[2009/12/27 23:25:39 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdmcoin.dll
[2009/12/27 23:22:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDMPMON.DLL
[2009/12/27 23:22:07 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDMFXPU.DLL
[2009/12/27 23:21:47 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdmoem.dll
[2009/12/27 23:18:23 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdmrwrd.ini
[2009/12/27 23:18:08 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdminst.dll
[2009/12/27 23:18:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdmgrd.dll
[2009/10/22 10:24:51 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/22 10:24:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/10/22 10:24:44 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/22 10:24:43 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/22 10:24:42 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/10/22 10:24:38 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/22 10:24:37 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/24 13:12:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 15:11:47 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/08 12:35:32 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2007/05/22 15:59:37 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdmdrs.dll
[2007/05/22 07:10:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdmcaps.dll
[2007/04/17 07:17:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdmcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/31 22:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdmvs.dll
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

Re: Fake Anti Virus

OTL Extras logfile created on: 5/15/2010 5:55:13 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nick F\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.23 Gb Total Space | 61.81 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive D: | 9.81 Gb Total Space | 1.68 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICKF-PC
Current User Name: Nick F
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EA80CF-0B0D-49A8-959D-EFF5E7248766}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B645610-E7EC-43A9-A627-065E5A7C79A5}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{2B962293-9744-4283-9D55-30ABC0D8A08E}" = rport=137 | protocol=17 | dir=out | app=system |
"{456D2967-2FDD-4095-89CD-7F9F0AE7E6F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{51314FBC-09BF-41C4-9B92-94B86E57E0A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{644DED8B-403A-4DE3-9944-49E6B97E02F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{65B8C994-50D4-4430-AB62-61C9AA71EDAA}" = lport=6182 | protocol=17 | dir=in | name=miri |
"{6BD169A3-F712-4138-9ECB-632B5E3E1C06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7DEF0628-0BB4-4306-9EB8-F898FEC7F14C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{965ED3CA-8A34-432A-A3D7-7088F005C558}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{9EEC9DBE-C96B-41CD-B956-24655D200993}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2DBA84D-1022-46F3-A149-B7358BB20BDC}" = lport=137 | protocol=17 | dir=in | app=system |
"{AAA9A975-880E-41A1-A7E6-E118CE616C08}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD126F8A-6ADA-4924-B17B-01334A84E90D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE706A68-0A6C-4CC2-9A43-80FB010D1E16}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0BB74BE-80F7-4354-A73F-AEA43BEA3C3F}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0685ED02-714B-4033-8981-1129968FE43B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A41CA73-3E00-4A89-B97E-92CCB6751B3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E637ABF-C427-44A5-8BFC-95F47862C70C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{114E9D26-CD1D-4D07-AE43-A8F25536BBFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{11D9147F-A6E9-4BD9-9C6C-D5D0F583CC2E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1378A3D2-157A-46A2-8CE7-DCE7CC4062FF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1BFB6D00-29E4-4186-B18A-1E915BAC37D4}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmfax.exe |
"{2A862BF3-90A8-4314-AC6E-6A3A1C931A2D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{309AD940-59E0-44BB-9748-636ED3DDAF54}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"{3238950B-A61F-4E1B-86FF-EF3C323F0208}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{34141166-ECF9-4A77-AC84-31292729B403}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\frun.exe |
"{3B2BDC59-02DF-48EC-A223-2A0826C91E7F}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmfax.exe |
"{3BC569BB-E319-40DC-910E-A0F78C078787}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E659E5F-BE1A-45E9-A8A8-641CFBD1A99E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{41A19507-B05B-4E11-82E8-EDD49F8D3455}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{43502D9C-7C43-4A3E-B868-A61335224167}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{48C8FAFD-5FA5-4453-828D-46D53937F4DC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4C7E3AB7-4DAA-4934-BF2C-2F7DC2253A0F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmpswx.exe |
"{50A14F53-C095-4B30-84BD-DE7D6B96906B}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{511FF2B7-BBAA-4B55-8D78-8ABC863C13BC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{51A7D2AD-81F2-45D8-BFB2-A9A3BF826F81}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{52006E0B-7A28-446A-AA76-66BD29705837}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{567C74A9-E306-4E6F-AFF1-6D342937DEE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{58FA51C8-7556-479E-AC78-D4BDC2CA4286}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{594B66DA-4A7B-4E91-990E-AA2D9D1BBBD1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5E40EE8F-3D48-431F-B53F-63F2AB05762D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{61F37CC8-9338-4592-99C1-AE113615825B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmpswx.exe |
"{66962F71-F57D-4045-A140-13F748A868A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6804F69F-EEDC-4F76-8A7A-9606155DA6F8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6C3E3196-48B5-4DE5-AC1E-9A1AA8A97370}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{78946C39-7433-4430-8B05-9EAF59BB895A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B31993C-7345-4C38-92A8-6325CEB10AE4}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmamon.exe |
"{7F4D8051-C7E3-4DF6-9C37-B8335F4705C5}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{8D1FF389-46BC-4504-860F-ED36C290DF72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FEBE8B0-8C5A-4E56-B24F-69224D01FB84}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{902C1511-41EA-4F94-8EAA-2178A9826391}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{99750CE0-318F-482D-B432-79312FD1FE72}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"{9A6803D7-5B01-4801-9146-A17B554A482F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{9C5523DF-532E-43BD-B20D-5E0C17414C39}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmamon.exe |
"{A31BCDF5-4256-4A9B-8BFA-EAE125E49A68}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A8EEE264-26EF-4A2A-B65F-16FD45A18992}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD2E9C17-3034-47E3-AD6B-7A2A46F573E0}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\frun.exe |
"{ADA792BB-98B8-4036-8044-3B9513557D6A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B0C72387-179A-4CC3-A0F1-C2FBAE03795B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B24925A0-4EB7-40E2-8EDD-A3B9A5D0C849}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{BDB2C357-6A1C-4EB4-AAE9-EC3793B757B5}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C8975BEB-F69D-4B28-B5C3-898D76F32385}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CCA1AF45-A0AA-46CD-AEB1-A60D9345B758}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D136F867-9CB9-408C-B1C4-A59AC652FDDD}" = protocol=17 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{D5CB56C2-FDC3-4F28-9ADB-D5B622DE74DB}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DA200504-B81E-4025-97C3-19D9D14D0002}" = protocol=6 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{F02B4A96-DE85-4E20-8C1D-D596A99A15A5}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{F62D5B55-BBCB-48B8-BDD1-4FDB0EC0EEB7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{47FAD432-EEF9-40E3-9C45-20ED28E3239C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{AED22BF7-825A-49F1-B5D5-7D4229FFB9E7}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"TCP Query User{B3493865-87B9-421D-AEB5-10CE593A4625}C:\program files\lexmark 5000 series\lxdmmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"UDP Query User{0F222FA8-3D2A-4F32-B067-C609B5D3EC47}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6A821181-2509-4468-9C2A-CF95F2E83DFD}C:\program files\lexmark 5000 series\lxdmmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"UDP Query User{710E5D44-4099-4FA1-8F09-5D2F87F361FB}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{091D12F7-A074-4AFE-8401-072E8494D873}" = Clouded Horizons Character Creation Utility
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}" = ArcSoft WebCam Companion 2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{719842F9-FF69-4BA6-A6FE-52244575E0B3}" = ArcSoft VideoImpression 2
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3FAEA0F-82B6-45E2-9A3D-4E49BE6C9451}" = MSN Toolbar Platform
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36}" = Network Magic
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}" = ArcSoft Magic-i 3
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActivePoint" = Microsoft®️ PowerPoint®️ Animation Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Celtx (2.7)" = Celtx (2.7)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Fraps" = Fraps
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0
"Lexmark 5000 Series" = Lexmark 5000 Series
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Star Wars DroidWorks" = Star Wars DroidWorks
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 5.

Error - 5/15/2010 3:06:49 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 5.

Error - 5/15/2010 6:10:33 PM | Computer Name = NickF-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\System32\rtutils.dll failed, 00000005.

[ Application Events ]
Error - 11/4/2009 11:21:51 PM | Computer Name = NickF-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18319 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1204 Start Time: 01ca5dbb6ab06918 Termination Time: 0

Error - 11/4/2009 11:22:52 PM | Computer Name = NickF-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18319 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15c Start Time: 01ca5dc71d8e8988 Termination Time: 47

Error - 11/5/2009 12:47:14 AM | Computer Name = NickF-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/5/2009 12:59:20 AM | Computer Name = NickF-PC | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0x1430, application start time 0x01ca5dd4a4d5a0b8.

Error - 11/5/2009 2:34:08 AM | Computer Name = NickF-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/5/2009 2:34:08 AM | Computer Name = NickF-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/5/2009 2:08:08 PM | Computer Name = NickF-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/5/2009 11:22:08 PM | Computer Name = NickF-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xffffb9ba, process id 0xb70, application start time
0x01ca5e42de6b733b.

Error - 11/6/2009 1:53:41 PM | Computer Name = NickF-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/6/2009 2:23:28 PM | Computer Name = NickF-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 5/15/2010 8:24:17 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:34:26 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:35:37 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:36:13 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:40:23 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:40:43 PM | Computer Name = NickF-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 8:50:38 PM | Computer Name = NickF-PC | Source = Service Control Manager | ID = 7016
Description =

Error - 5/15/2010 8:53:38 PM | Computer Name = NickF-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2010 8:53:38 PM | Computer Name = NickF-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/15/2010 8:53:38 PM | Computer Name = NickF-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Fake Anti Virus

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [close delete] C:\ProgramData\Burn Deaf Deaf.qfc File not found
    O4 - HKCU..\Run: [tgiuxtca] C:\Users\Nick F\AppData\Local\kkdwqrlei\lmdjtdatssd.exe ()
    O4 - HKCU..\Run: [way math bike enc] C:\ProgramData\funk jugs option.ubu File not found
    [2010/05/15 00:01:54 | 000,000,000 | ---D | C] -- C:\Users\Nick F\AppData\Local\kkdwqrlei



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
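
A triage of the BHO and autorun lines from the fix script above, as an added Python example that is not part of the original post and not part of OTL. It parses the O2/O4 line layout as it appears in the quoted lines, and the flagging heuristics (missing target, target under AppData/ProgramData/Temp, empty publisher field) are assumptions made here; the last sample line is constructed for contrast.

```python
import re
from typing import List, NamedTuple, Optional

# Lines 1-4 are quoted from the fix script in the post above.
# Line 5 is a constructed benign entry, added only for contrast.
SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [close delete] C:\ProgramData\Burn Deaf Deaf.qfc File not found
O4 - HKCU..\Run: [tgiuxtca] C:\Users\Nick F\AppData\Local\kkdwqrlei\lmdjtdatssd.exe ()
O4 - HKCU..\Run: [way math bike enc] C:\ProgramData\funk jugs option.ubu File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example Vendor\updater.exe (Example Vendor)
""".strip().splitlines()

# Line layouts inferred from the lines quoted on this page (an assumption).
O2_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# Trailing "(publisher)" field; greedy path keeps e.g. "Program Files (x86)" intact.
TAIL_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
MISSING = " File not found"
# Heuristic (assumption): directories a standard user can write to.
WRITABLE_HINTS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


class Finding(NamedTuple):
    kind: str           # "BHO" or hive\key such as "HKCU\Run"
    name: str           # CLSID or autorun value name
    target: str         # file path, or the status text for a BHO
    reasons: List[str]  # empty list means nothing was flagged


def triage_line(line: str) -> Optional[Finding]:
    """Parse one O2/O4 line; return None for any other line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        reasons = []
        if m["target"].startswith("No CLSID value found"):
            reasons.append("BHO CLSID is not registered")
        return Finding("BHO", m["clsid"], m["target"], reasons)

    m = O4_RE.match(line)
    if not m:
        return None
    rest, reasons, company = m["rest"], [], None
    missing = rest.endswith(MISSING)
    if missing:
        path = rest[: -len(MISSING)]
    else:
        tail = TAIL_RE.match(rest)
        path = tail["path"] if tail else rest
        company = tail["company"] if tail else None
    if missing:
        reasons.append("target file not found")
    if any(hint in path.lower() for hint in WRITABLE_HINTS):
        reasons.append("target in user-writable location")
    if company == "":
        reasons.append("empty publisher field")
    return Finding(m["hive"] + "\\" + m["key"], m["name"], path, reasons)


def triage(lines: List[str]) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    parsed = (triage_line(line) for line in lines)
    return [f for f in parsed if f is not None and f.reasons]


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.kind:9} {finding.name!r}: {', '.join(finding.reasons)}")
```

A flagged entry is a prompt to look at the file and its registry value, not proof of infection; legitimate software also installs into per-user directories.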

Re: Fake Anti Virus

here it is


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\close delete deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tgiuxtca deleted successfully.
C:\Users\Nick F\AppData\Local\kkdwqrlei\lmdjtdatssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\way math bike enc deleted successfully.
C:\Users\Nick F\AppData\Local\kkdwqrlei folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05152010_184230

Re: Fake Anti Virus

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Re: Fake Anti Virus

here



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft®️ Windows Vista™️ Home Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon Dual-Core QL-60 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Nick F ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:139 Go (Free:61 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sat 05/15/2010|18:47 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\ProgramData\cast dale way math\Readme long.dat
Deleted! - C:\ProgramData\funk jugs option.ubuls
Deleted! - C:\ProgramData\Burn Deaf Deaf.084mbj
Deleted! - C:\ProgramData\Burn Deaf Deaf.qfcwvm
Deleted! - C:\ProgramData\Burn Deaf Deaf.vgxo3w
Deleted! - C:\ProgramData\Burn Deaf Deaf.8znf159
Deleted! - C:\ProgramData\Burn Deaf Deaf.nvtncel
Deleted! - C:\ProgramData\cast dale way math
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\PROGRA~2\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[05/17/2009|10:43] C:\Users\NICKF~1\AppData\Local\ Adobe
[09/17/2009|05:47] C:\Users\NICKF~1\AppData\Local\ AIM Toolbar
[05/28/2009|05:57] C:\Users\NICKF~1\AppData\Local\ AOL
[05/28/2009|05:57] C:\Users\NICKF~1\AppData\Local\ AOL OCP
[09/22/2009|10:40] C:\Users\NICKF~1\AppData\Local\ Apple
[04/04/2010|09:03] C:\Users\NICKF~1\AppData\Local\ Apple Computer
[03/05/2009|05:56] C:\Users\NICKF~1\AppData\Local\ Application Data
[12/25/2009|07:22] C:\Users\NICKF~1\AppData\Local\ ArcSoft
[03/05/2009|06:07] C:\Users\NICKF~1\AppData\Local\0 AtStart.txt
[05/01/2010|10:01] C:\Users\NICKF~1\AppData\Local\680 d3d9caps.dat
[04/18/2010|12:58] C:\Users\NICKF~1\AppData\Local\62,464 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/26/2009|08:33] C:\Users\NICKF~1\AppData\Local\6 desktop.ini
[03/05/2009|06:07] C:\Users\NICKF~1\AppData\Local\0 DSwitch.txt
[03/03/2010|06:52] C:\Users\NICKF~1\AppData\Local\81,208 GDIPFONTCACHEV1.DAT
[04/02/2010|07:53] C:\Users\NICKF~1\AppData\Local\ Greyfirst
[08/25/2009|08:35] C:\Users\NICKF~1\AppData\Local\ Hewlett-Packard
[03/05/2009|05:56] C:\Users\NICKF~1\AppData\Local\ History
[05/15/2010|05:49] C:\Users\NICKF~1\AppData\Local\3,791,406 IconCache.db
[02/08/2010|03:29] C:\Users\NICKF~1\AppData\Local\ MagicSoftware
[03/21/2010|08:59] C:\Users\NICKF~1\AppData\Local\ Microsoft
[04/13/2010|10:10] C:\Users\NICKF~1\AppData\Local\ Microsoft Games
[01/06/2010|12:13] C:\Users\NICKF~1\AppData\Local\ Mozilla
[03/05/2009|06:07] C:\Users\NICKF~1\AppData\Local\0 QSwitch.txt
[03/07/2010|08:29] C:\Users\NICKF~1\AppData\Local\ QuickPlay
[05/15/2010|06:47] C:\Users\NICKF~1\AppData\Local\ Temp
[03/05/2009|05:56] C:\Users\NICKF~1\AppData\Local\ Temporary Internet Files
[03/05/2009|05:54] C:\Users\NICKF~1\AppData\Local\ VirtualStore
[01/05/2010|07:05] C:\Users\NICKF~1\AppData\Local\ Yahoo

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[05/12/2010 07:40 AM][--a------] C:\Windows\tasks\HPCeeScheduleForNick F.job
[05/15/2010 05:52 PM][--ah-----] C:\Windows\tasks\SA.DAT
[05/15/2010 05:50 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[06/24/2008|11:34] C:\ProgramData\ {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[04/04/2010|09:29] C:\ProgramData\ {429CAD59-35B1-4DBC-BB6D-1DB246563521}
[03/05/2010|06:52] C:\ProgramData\ {755AC846-7372-4AC8-8550-C52491DAA8BD}
[12/27/2009|11:21] C:\ProgramData\ 5000 Series
[09/17/2009|03:10] C:\ProgramData\ acccore
[09/03/2009|07:18] C:\ProgramData\ Adobe
[09/17/2009|03:11] C:\ProgramData\ AIM Toolbar
[03/05/2009|05:59] C:\ProgramData\ AOL
[09/17/2009|03:11] C:\ProgramData\ AOL Downloads
[05/28/2009|05:59] C:\ProgramData\ AOL OCP
[09/22/2009|10:40] C:\ProgramData\ Apple
[03/05/2010|06:51] C:\ProgramData\ Apple Computer
[11/02/2006|06:02] C:\ProgramData\ Application Data
[12/25/2009|07:22] C:\ProgramData\ ArcSoft
[02/11/2009|11:48] C:\ProgramData\ Atheros
[12/15/2009|06:54] C:\ProgramData\ avg9
[08/10/2009|10:04] C:\ProgramData\ CyberLink
[11/02/2006|06:02] C:\ProgramData\ Desktop
[11/02/2006|06:02] C:\ProgramData\ Documents
[11/02/2006|06:02] C:\ProgramData\ Favorites
[04/25/2009|06:06] C:\ProgramData\ flag jugs second
[08/11/2009|08:34] C:\ProgramData\ Hewlett-Packard
[06/24/2008|11:36] C:\ProgramData\ HP
[01/16/2010|11:28] C:\ProgramData\736 hpzinstall.log
[03/26/2010|01:15] C:\ProgramData\ Lx_cats
[03/26/2010|01:14] C:\ProgramData\158 lxdm
[08/21/2009|12:36] C:\ProgramData\ Malwarebytes
[01/21/2010|11:46] C:\ProgramData\ Messenger Plus!
[06/29/2009|08:00] C:\ProgramData\ Microsoft
[05/15/2010|03:03] C:\ProgramData\ Microsoft Help
[06/24/2008|11:20] C:\ProgramData\ muvee Technologies
[04/03/2010|09:47] C:\ProgramData\ NVIDIA
[05/15/2010|05:52] C:\ProgramData\31,966 nvModes.001
[05/15/2010|05:52] C:\ProgramData\31,966 nvModes.dat
[01/23/2010|11:15] C:\ProgramData\ Office Genuine Advantage
[07/30/2009|07:36] C:\ProgramData\ Philips
[08/07/2009|11:02] C:\ProgramData\ POPWWPROFILES
[03/25/2009|07:12] C:\ProgramData\ Pure Networks
[11/02/2006|06:02] C:\ProgramData\ Start Menu
[03/03/2010|04:18] C:\ProgramData\ Sun
[07/18/2009|08:19] C:\ProgramData\ Symantec
[04/14/2010|06:43] C:\ProgramData\ TEMP
[11/02/2006|06:02] C:\ProgramData\ Templates
[04/13/2010|10:11] C:\ProgramData\ WildTangent
[10/26/2009|02:10] C:\ProgramData\ WLInstaller
[07/30/2009|07:09] C:\ProgramData\ Xerox
[12/17/2009|03:03] C:\ProgramData\ Yahoo!
[04/14/2010|02:32] C:\ProgramData\ Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[12/27/2009|11:20] C:\Program Files\ Abbyy FineReader 6.0 Sprint
[06/24/2008|11:34] C:\Program Files\ Activation Assistant for the 2007 Microsoft Office suites
[09/03/2009|07:18] C:\Program Files\ Adobe
[09/17/2009|03:11] C:\Program Files\ AIM Toolbar
[09/17/2009|03:16] C:\Program Files\ AIM6
[09/17/2009|03:12] C:\Program Files\ AIMTunes
[07/19/2009|09:58] C:\Program Files\ Alwil Software
[04/10/2009|11:27] C:\Program Files\ Amazon
[09/22/2009|10:40] C:\Program Files\ Apple Software Update
[12/25/2009|07:21] C:\Program Files\ ArcSoft
[04/23/2009|08:35] C:\Program Files\ Ask Search Assistant
[02/11/2009|11:49] C:\Program Files\ Atheros
[03/13/2009|01:36] C:\Program Files\ Audacity
[12/15/2009|06:54] C:\Program Files\ AVG
[06/24/2008|11:52] C:\Program Files\ AWS
[04/04/2010|09:17] C:\Program Files\ Bonjour
[03/07/2009|12:52] C:\Program Files\ CCleaner
[04/02/2010|07:52] C:\Program Files\ Celtx
[02/11/2009|11:48] C:\Program Files\ Cisco
[12/25/2009|07:16] C:\Program Files\ Common Files
[02/11/2009|11:56] C:\Program Files\ CONEXANT
[06/24/2008|11:50] C:\Program Files\ CyberLink
[05/09/2009|01:17] C:\Program Files\ Flex Designs, Ltd
[06/30/2009|09:49] C:\Program Files\ Hewlett-Packard
[06/24/2008|10:05] C:\Program Files\ Hewlett-Packard Company
[12/25/2009|07:23] C:\Program Files\ HP
[06/24/2008|10:44] C:\Program Files\ HP Games
[03/26/2010|07:06] C:\Program Files\ InstallShield Installation Information
[11/23/2009|12:58] C:\Program Files\ Internet Explorer
[04/04/2010|09:28] C:\Program Files\ iPod
[04/04/2010|09:29] C:\Program Files\ iTunes
[12/04/2009|04:31] C:\Program Files\ Java
[03/03/2010|04:41] C:\Program Files\ JRE
[10/22/2009|10:26] C:\Program Files\ K-Lite Codec Pack
[12/27/2009|11:22] C:\Program Files\ Lexmark 5000 Series
[02/25/2010|02:04] C:\Program Files\ Lucas Learning
[02/08/2010|03:28] C:\Program Files\ MagicDVDRipper
[01/25/2010|12:45] C:\Program Files\ Malwarebytes' Anti-Malware
[04/29/2010|09:40] C:\Program Files\ Messenger Plus! Live
[03/05/2009|04:11] C:\Program Files\ Microsoft
[11/02/2006|05:37] C:\Program Files\ Microsoft Games
[03/08/2009|08:06] C:\Program Files\ Microsoft Office
[01/20/2010|12:11] C:\Program Files\ Microsoft Silverlight
[03/05/2009|04:12] C:\Program Files\ Microsoft SQL Server Compact Edition
[03/05/2009|04:10] C:\Program Files\ Microsoft Sync Framework
[06/09/2009|11:26] C:\Program Files\ Microsoft Works
[06/24/2008|11:32] C:\Program Files\ Microsoft.NET
[03/11/2010|10:32] C:\Program Files\ Movie Maker
[04/02/2010|12:10] C:\Program Files\ Mozilla Firefox
[11/02/2006|05:37] C:\Program Files\ MSBuild
[10/09/2009|11:14] C:\Program Files\ MSN Toolbar
[10/09/2009|11:15] C:\Program Files\ MSN Toolbar Installer
[03/05/2009|07:51] C:\Program Files\ MSXML 4.0
[06/24/2008|11:20] C:\Program Files\ muvee Technologies
[02/11/2009|11:55] C:\Program Files\ NetWaiting
[03/05/2009|06:00] C:\Program Files\ Online Services
[03/03/2010|04:46] C:\Program Files\ OpenOffice.org 3
[07/30/2009|07:36] C:\Program Files\ Philips
[03/25/2009|07:13] C:\Program Files\ Pure Networks
[04/04/2010|09:23] C:\Program Files\ QuickTime
[11/02/2006|05:37] C:\Program Files\ Reference Assemblies
[04/04/2010|09:02] C:\Program Files\ Safari
[02/11/2009|11:53] C:\Program Files\ Synaptics
[11/14/2009|02:06] C:\Program Files\ Thomson
[08/03/2009|12:05] C:\Program Files\ Ubisoft
[11/02/2006|06:01] C:\Program Files\ Uninstall Information
[04/03/2010|05:36] C:\Program Files\ uTorrent
[03/05/2009|05:59] C:\Program Files\ Viewpoint
[03/06/2009|06:27] C:\Program Files\ Winamp
[11/23/2009|12:58] C:\Program Files\ Windows Calendar
[11/23/2009|12:58] C:\Program Files\ Windows Collaboration
[11/23/2009|12:58] C:\Program Files\ Windows Defender
[11/23/2009|12:58] C:\Program Files\ Windows Journal
[09/01/2009|04:25] C:\Program Files\ Windows Live
[08/11/2009|10:37] C:\Program Files\ Windows Live Safety Center
[03/05/2009|04:04] C:\Program Files\ Windows Live SkyDrive
[05/13/2010|10:51] C:\Program Files\ Windows Mail
[11/23/2009|12:58] C:\Program Files\ Windows Media Player
[11/02/2006|05:37] C:\Program Files\ Windows NT
[11/23/2009|12:58] C:\Program Files\ Windows Photo Gallery
[11/23/2009|08:08] C:\Program Files\ Windows Portable Devices
[11/23/2009|12:58] C:\Program Files\ Windows Sidebar
[05/09/2009|05:43] C:\Program Files\ WinRAR
[10/22/2009|10:14] C:\Program Files\ XP Codec Pack
[12/17/2009|03:03] C:\Program Files\ Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/03/2009|07:18] C:\Program Files\Common Files\ Adobe
[03/05/2009|05:58] C:\Program Files\Common Files\ AOL
[04/04/2010|09:28] C:\Program Files\Common Files\ Apple
[12/25/2009|07:17] C:\Program Files\Common Files\ ArcSoft
[06/24/2008|11:32] C:\Program Files\Common Files\ DESIGNER
[06/24/2008|11:36] C:\Program Files\Common Files\ HP
[06/24/2008|11:55] C:\Program Files\Common Files\ InstallShield
[03/03/2010|04:18] C:\Program Files\Common Files\ Java
[12/15/2009|06:53] C:\Program Files\Common Files\ microsoft shared
[06/24/2008|11:20] C:\Program Files\Common Files\ muvee Technologies
[11/09/2009|12:59] C:\Program Files\Common Files\ PowerPoint Animation Player
[03/25/2009|07:13] C:\Program Files\Common Files\ Pure Networks Shared
[03/06/2009|06:26] C:\Program Files\Common Files\ PX Storage Engine
[11/02/2006|04:18] C:\Program Files\Common Files\ Services
[09/17/2009|03:11] C:\Program Files\Common Files\ Software Update Utility
[11/02/2006|04:18] C:\Program Files\Common Files\ SpeechEngines
[07/18/2009|08:21] C:\Program Files\Common Files\ Symantec Shared
[11/23/2009|12:58] C:\Program Files\Common Files\ System
[03/05/2009|03:50] C:\Program Files\Common Files\ Windows Live

--------------------\\ Process

( 103 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 18:48:20
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:167][D:9]-> C:\Users\NICKF~1\AppData\Local\Temp
[F:22][D:1]-> C:\Users\NICKF~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:637][D:7]-> C:\Users\NICKF~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:33][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 05/15/2010|18:50 - Option : [2]

--------------------\\ Scan completed at 18:50:15
[ UAC => 1 ]

Re: Fake Anti Virus

Hello.
Let's do some tidying up here and remove some stuff.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are also running two antivirus programs; I see from the uninstall list you have Avast installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    µTorrent
    Adobe Reader 8.1.3
    Ask.com Search Assistant 1.0.2
    AVG Free 9.0
    Java(TM) 6 Update 5
    Java(TM) 6 Update 16
    Java(TM) 6 Update 18
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Fake Anti Virus

I already have downloaded MalwareBytes-Anti Malware prior to this virus attack. I understand uTorrent, but why AVG? It's been helpful before.

Re: Fake Anti Virus

Hello.
Re-read my post, look at my instructions carefully.

You are also running two antivirus programs; I see from the uninstall list you have Avast installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.


AVG is known for lots of false positives, so I would rather remove AVG and keep avast than the other way around.

Re: Fake Anti Virus

Alright, thank you very much for your time helping me fix this problem.

Re: Fake Anti Virus

Who installed Messenger Plus on this machine? Regardless of who it was, they caused this infection. Messenger Plus has "sponsors" which cause this infection; there is an option not to install the sponsors, but whoever installed Messenger Plus didn't read the screen given.

Standing by for MBAM log.

Re: Fake Anti Virus

I did. I installed it. Is there any way to remove the sponsors without removing the program?
