WiredWX Christian Hobby Weather Tools
antivir removal - did updates and OTL scan, logs listed

logs continued

Hi GeekPolice. I now have read your announcement, sorry I did not see this at first. The first time I tried to remove the antivir virus I used the Malwarebytes scan and thought I was good but the antivir prog. came back. I have downloaded and run the combofix and the OTL scan. Here are the log copies. I hope I am close to resolution. Thanks for your help.

OTL Extras logfile created on: 8/7/2010 8:25:08 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 537.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.07 Gb Total Space | 54.80 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEOGH
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"amg-skipbocastawaycapertm" = SKIP-BO Castaway Caper(TM)
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ie8" = Windows Internet Explorer 8
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z25-Z35" = Lexmark Z25-Z35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2002Setup" = Microsoft Works 2002 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2010 6:26:07 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2010 7:55:47 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/24/2010 5:48:42 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2010 5:38:15 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2010 5:38:16 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 5:54:19 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 9:13:57 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 8:09:36 AM | Computer Name = KEOGH | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

Error - 3/5/2010 11:05:14 AM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2010 10:05:53 PM | Computer Name = KEOGH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/6/2010 1:27:54 AM | Computer Name = KEOGH | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/6/2010 1:27:54 AM | Computer Name = KEOGH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom

Error - 8/6/2010 1:29:31 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/6/2010 1:34:01 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/6/2010 1:35:35 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/6/2010 1:36:35 AM | Computer Name = KEOGH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm Tosrfcom

Error - 8/6/2010 1:47:14 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/6/2010 1:48:26 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/6/2010 2:00:19 AM | Computer Name = KEOGH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/7/2010 7:28:38 PM | Computer Name = KEOGH | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Re: antivir removal - did updates and OTL scan, logs listed

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Screenshot: Query_RC]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

bump - combofix run and log for antivir removal

Thanks again for helping. I am inspired to know people like you are fighting against the evil that just wants to cause problems for others and you are willing to fix it. Yeah good guys!!

I ran combofix per your instructions and the log follows. I had done this before on my own and did malwarebytes and hijackthis to clean up my laptop but I now know this may not have worked right. I have not had any more problems since Sun but I did have the antivir come back after a couple days the first time I did this. So I hope with your help now it is done right and all checks out ok.

ComboFix 10-08-09.03 - Administrator 08/10/2010 9:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.586 [GMT -4:00]
Running from: c:\documents and settings\Administrator\desktop\combo-fix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 02:22 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-08-10 02:18 . 2010-08-10 02:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-10 02:16 . 2010-08-10 02:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-08-10 02:16 . 2010-08-10 02:16 -------- d-----w- c:\windows\system32\LogFiles
2010-08-09 06:43 . 2010-08-10 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\x3watch
2010-08-09 06:43 . 2010-08-09 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\x3watch
2010-08-09 06:41 . 2010-08-09 06:50 -------- d-----w- c:\program files\X3watch
2010-08-07 22:27 . 2010-08-07 22:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-08-07 22:14 . 2010-01-27 17:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-07 22:14 . 2010-01-22 12:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-07 22:14 . 2010-01-22 12:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-07 22:14 . 2010-01-22 12:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-07 22:14 . 2009-10-28 04:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-07 22:14 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-08-07 22:05 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-07 22:05 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-07 22:05 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-07 22:04 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-07 22:04 . 2010-08-07 22:30 -------- d-----w- c:\program files\Spyware Doctor
2010-08-07 22:04 . 2010-08-07 22:15 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-07 22:04 . 2010-08-07 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-07 22:04 . 2010-08-07 22:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-08-07 22:03 . 2010-08-10 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-06 06:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 06:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 05:29 . 2010-08-06 05:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-06 05:29 . 2010-08-06 06:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 05:29 . 2010-08-06 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 04:26 . 2010-08-06 11:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ipmtrmwma
2010-08-04 13:39 . 2010-08-04 13:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-04 13:35 . 2010-08-04 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skip-Bo
2010-08-04 13:35 . 2010-08-04 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-08-04 13:35 . 2010-08-04 13:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-04 13:34 . 2010-08-05 14:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-04 13:34 . 2010-08-04 13:34 -------- d-----w- c:\program files\Google
2010-08-04 13:30 . 2010-08-04 13:30 -------- d-----w- c:\program files\RealArcade
2010-07-21 13:09 . 2010-07-21 13:09 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 13:09 . 2010-07-21 13:09 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 13:09 . 2010-07-21 13:09 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 13:09 . 2010-07-21 13:09 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-15 14:58 . 2010-07-15 14:58 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 14:58 . 2010-07-15 14:58 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 14:57 . 2010-07-15 14:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:54 . 2010-07-15 14:54 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 14:54 . 2010-07-15 14:54 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 14:54 . 2010-07-15 14:54 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 14:54 . 2010-07-15 14:54 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-14 16:56 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 20:03 . 2010-03-10 17:08 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 01:26 . 2009-12-30 00:15 6064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-06 13:15 . 2009-07-30 17:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2010-08-04 13:35 . 2009-07-29 21:21 60024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 14:57 . 2009-12-16 04:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:56 . 2009-12-16 04:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-14 14:31 . 2009-07-16 16:15 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-02 13:42 . 2009-12-16 04:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-21 22:07 . 2010-05-21 22:07 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62396d6e-n\msvcp71.dll
2010-05-21 22:07 . 2010-05-21 22:07 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62396d6e-n\jmc.dll
2010-05-21 22:07 . 2010-05-21 22:07 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62396d6e-n\msvcr71.dll
2010-05-21 22:07 . 2010-05-21 22:07 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cdf35c1-n\decora-sse.dll
2010-05-21 22:07 . 2010-05-21 22:07 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cdf35c1-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-07_23.37.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-10 13:29 . 2010-08-10 13:29 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2006-09-28 22:56 . 2006-09-28 22:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 00:13 . 2006-09-29 00:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 35840 c:\windows\system32\wpdconns.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 99840 c:\windows\system32\wmpshell.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 37376 c:\windows\system32\wmdmps.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 33792 c:\windows\system32\wmdmlog.dll
+ 2010-08-10 02:18 . 2007-07-27 14:41 16760 c:\windows\system32\spmsg.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 11264 c:\windows\system32\LAPRXY.dll
+ 2006-09-28 23:00 . 2006-09-28 23:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 22:55 . 2006-09-28 22:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-10-19 00:00 . 2006-10-19 00:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2009-12-16 17:51 . 2006-10-19 01:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2009-12-16 17:51 . 2006-10-19 01:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2009-12-16 17:51 . 2006-10-19 01:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2009-12-16 17:49 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2009-12-16 17:48 . 2006-10-19 01:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-19 01:47 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-19 01:58 . 2006-10-19 01:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-19 01:58 . 2006-10-19 01:58 8704 c:\windows\system32\uwdf.exe
+ 2003-03-31 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2009-12-16 17:48 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2009-12-16 17:48 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2009-12-16 17:48 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2009-12-16 17:45 . 2006-10-19 01:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 7168 c:\windows\system32\asferror.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-04 07:56 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-04 07:56 . 2009-07-14 03:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 242688 c:\windows\system32\wmpasf.dll
+ 2003-03-31 12:00 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 157184 c:\windows\system32\wmidx.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 222208 c:\windows\system32\WMASF.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 757248 c:\windows\system32\WMADMOD.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 211456 c:\windows\system32\qasf.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 321536 c:\windows\system32\mswmdm.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 414208 c:\windows\system32\msscp.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 175616 c:\windows\system32\mspmsp.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 19:28 . 2006-10-02 19:28 312128 c:\windows\system32\msdelta.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 212992 c:\windows\system32\MFPLAT.dll
+ 2003-03-31 12:00 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2003-03-31 12:00 . 2006-10-19 01:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2009-04-03 17:15 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-07-13 07:18 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2008-06-10 23:18 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 222208 c:\windows\system32\dllcache\WMASF.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2009-12-16 17:50 . 2006-11-01 22:31 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2009-12-16 17:49 . 2006-10-19 01:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2009-12-16 17:49 . 2006-10-19 01:47 414208 c:\windows\system32\dllcache\msscp.dll
+ 2009-12-16 17:49 . 2006-10-19 01:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2009-12-16 17:49 . 2006-10-19 01:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2009-12-16 17:48 . 2006-10-19 01:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2008-06-10 06:31 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-12-16 17:46 . 2006-10-19 01:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2009-12-16 17:45 . 2006-10-19 01:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2009-12-16 17:45 . 2006-10-19 01:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 229376 c:\windows\system32\cewmdm.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 276992 c:\windows\system32\audiodev.dll
+ 2003-03-31 12:00 . 2006-11-01 22:31 315904 c:\windows\inf\unregmp2.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2003-03-31 12:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1661440 c:\windows\system32\wmpencen.dll
+ 2003-03-31 12:00 . 2006-10-19 01:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2008-11-07 23:32 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2009-12-16 17:51 . 2006-10-19 01:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2009-12-16 17:50 . 2006-10-19 01:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2009-12-16 17:50 . 2006-11-01 22:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2004-08-04 07:56 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-07-13 07:18 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"LXSUPMON"="c:\windows\System32\LXSUPMON.EXE" [2002-01-28 885760]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-10-09 2183168]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2010-05-22 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/7/2010 6:05 PM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/16/2009 12:06 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/16/2009 12:06 AM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 10:57 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:57 AM 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [8/7/2010 6:15 PM 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2010 9:34 AM 136176]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/7/2010 6:04 PM 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 13:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 13:34]

2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{7974157D-3DE9-488E-A23C-48963B8105B1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1343024091-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,5d,70,20,50,f0,80,48,aa,a8,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,5d,70,20,50,f0,80,48,aa,a8,ca,\

[HKEY_USERS\S-1-5-21-507921405-1343024091-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-10 09:39:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 13:39
ComboFix2.txt 2010-08-07 23:38

Pre-Run: 58,472,931,328 bytes free
Post-Run: 58,531,467,264 bytes free

- - End Of File - - 52BAC5A56EB78FFD7759791108CC75BE

Re: antivir removal - did updates and OTL scan, logs listed

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.

MSS results follow up checking for Antivir problem


I ran the downloaded MSS program and the log is included here. So far I have had no more problems. I will still follow up after this if any more should be done. Thanks again. DMarlinJ

MySystem-Search


MSS v1.7


Basic System Information

Username: Administrator - Date: 08/10/2010 - Time: 20:40:58

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 14 Stepping 8, GenuineIntel
Total processors: 2
Computer Name: KEOGH
Logon Server: \\KEOGH


CD Emulation Drivers running?



Peer-to-Peer applications?



Security Tools Check

Malwarebytes' Anti-Malware


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
smss.exe 720 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 780 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 808 High C:\WINDOWS\system32\winlogon.exe
services.exe 856 Normal C:\WINDOWS\system32\services.exe
lsass.exe 868 Normal C:\WINDOWS\system32\lsass.exe
Ati2evxx.exe 1040 Normal C:\WINDOWS\System32\Ati2evxx.exe
svchost.exe 1056 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1176 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1216 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1284 Normal C:\WINDOWS\System32\svchost.exe
avgchsvx.exe 1332 Normal C:\Program Files\AVG\AVG9\avgchsvx.exe
avgrsx.exe 1340 Normal C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe 1412 Normal C:\WINDOWS\system32\svchost.exe
avgcsrvx.exe 1440 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
LEXBCES.EXE 1800 Normal C:\WINDOWS\system32\LEXBCES.EXE
spoolsv.exe 1824 Normal C:\WINDOWS\system32\spoolsv.exe
LEXPPS.EXE 1888 Normal C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe 1896 Normal C:\WINDOWS\System32\svchost.exe
avgwdsvc.exe 1992 Normal C:\Program Files\AVG\AVG9\avgwdsvc.exe
BDTUpdateService.exe 2004 Normal C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
jqs.exe 292 Idle C:\Program Files\Java\jre6\bin\jqs.exe
avgnsx.exe 304 Normal C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe 548 Normal C:\WINDOWS\System32\svchost.exe
WLTRYSVC.EXE 140 Normal C:\WINDOWS\System32\WLTRYSVC.EXE
bcmwltry.exe 1092 Normal C:\WINDOWS\System32\bcmwltry.exe
avgemc.exe 1292 Normal C:\Program Files\AVG\AVG9\avgemc.exe
avgcsrvx.exe 2072 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
alg.exe 2216 Normal C:\WINDOWS\System32\alg.exe
Ati2evxx.exe 1780 Normal C:\WINDOWS\system32\Ati2evxx.exe
SynTPEnh.exe 3996 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
jusched.exe 4008 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
WkUFind.exe 4044 Normal C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
WksSb.exe 408 Normal C:\Program Files\Microsoft Works\WksSb.exe
LXSUPMON.EXE 700 Normal C:\WINDOWS\System32\LXSUPMON.EXE
WLTRAY.exe 1236 Normal C:\WINDOWS\System32\WLTRAY.exe
avgtray.exe 572 Normal C:\PROGRA~1\AVG\AVG9\avgtray.exe
cli.exe 924 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
x3watch.exe 2476 Normal C:\Program Files\X3watch\x3watch.exe
wkcalrem.exe 2528 Normal C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
cli.exe 3948 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
explorer.exe 3904 Normal C:\WINDOWS\explorer.exe
ctfmon.exe 3592 Normal C:\WINDOWS\system32\ctfmon.exe
iexplore.exe 3060 Normal C:\Program Files\internet explorer\iexplore.exe
iexplore.exe 3616 Normal C:\Program Files\internet explorer\iexplore.exe
iexplore.exe 2584 Normal C:\Program Files\internet explorer\iexplore.exe
mss.exe 3072 Normal C:\Documents and Settings\Administrator\Desktop\mss.exe
cmd.exe 712 Normal C:\WINDOWS\system32\cmd.exe
pv.exe 744 Normal C:\Documents and Settings\Administrator\Desktop\pv.exe


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x1c09a4d2
ProfileLoadTimeHigh REG_DWORD 0x1cb3890
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x1bc480a0
ProfileLoadTimeHigh REG_DWORD 0x1cb3890
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-507921405-1343024091-1801674531-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 010500000000000515000000FD43461EDBEB0C50235F636BF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xfddfc3dc
ProfileLoadTimeHigh REG_DWORD 0x1cb3890
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
desktop.ini
SA.DAT
User_Feed_Synchronization-{7974157D-3DE9-488E-A23C-48963B8105B1}.job


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is D85B-6F72

Directory of C:\Windows\System32\Drivers

Volume in drive C has no label.
Volume Serial Number is D85B-6F72

Directory of C:\Windows\System32\Drivers

08/17/2001 09:46 AM 6,400 enum1394.sys
08/17/2001 09:59 AM 3,072 audstub.sys
08/17/2001 01:48 PM 12,160 mouhid.sys
08/17/2001 01:51 PM 3,328 pciide.sys
08/17/2001 01:53 PM 6,784 serscan.sys
02/07/2002 04:24 PM 25,420 tosrflan.sys
04/15/2002 10:11 PM 67,866 netwlan5.img
08/01/2002 09:53 PM 160,672 tosrfpcc.sys
03/31/2003 08:00 AM 7,680 mcd.sys
03/31/2003 08:00 AM 12,032 nikedrv.sys
03/31/2003 08:00 AM 18,688 cdaudio.sys
03/31/2003 08:00 AM 13,952 cbidf2k.sys
03/31/2003 08:00 AM 51,712 tosdvd.sys
03/31/2003 08:00 AM 17,792 ptilink.sys
03/31/2003 08:00 AM 12,032 rio8drv.sys
03/31/2003 08:00 AM 12,032 riodrv.sys
03/31/2003 08:00 AM 2,944 null.sys
03/31/2003 08:00 AM 5,888 rootmdm.sys
03/31/2003 08:00 AM 12,416 nwlnkflt.sys
03/31/2003 08:00 AM 32,512 nwlnkfwd.sys
03/31/2003 08:00 AM 646 gmreadme.txt
03/31/2003 08:00 AM 58,112 vdmindvd.sys
03/31/2003 08:00 AM 4,736 usbd.sys
03/31/2003 08:00 AM 11,776 cpqdap01.sys
03/31/2003 08:00 AM 32,896 ipfltdrv.sys
03/31/2003 08:00 AM 8,832 rasacd.sys
03/31/2003 08:00 AM 4,224 beep.sys
03/31/2003 08:00 AM 14,592 smclib.sys
03/31/2003 08:00 AM 6,784 parvdm.sys
03/31/2003 08:00 AM 3,456 oprghdlr.sys
03/31/2003 08:00 AM 55,936 nwlnkspx.sys
03/31/2003 08:00 AM 16,512 raspti.sys
03/31/2003 08:00 AM 11,648 acpiec.sys
03/31/2003 08:00 AM 3,440,660 gm.dls
03/31/2003 08:00 AM 5,888 dmload.sys
03/31/2003 08:00 AM 125,056 ftdisk.sys
03/31/2003 08:00 AM 34,432 rawwan.sys
03/31/2003 08:00 AM 4,352 wmilib.sys
03/31/2003 08:00 AM 10,496 dxapi.sys
03/31/2003 08:00 AM 4,224 rdpcdd.sys
03/31/2003 08:00 AM 21,376 tsbvcap.sys
03/31/2003 08:00 AM 352,256 atmuni.sys
03/31/2003 08:00 AM 4,224 mnmdd.sys
03/31/2003 08:00 AM 31,360 atmepvc.sys
03/31/2003 08:00 AM 63,232 nwlnknb.sys
03/31/2003 08:00 AM 262,528 cinemst2.sys
03/31/2003 08:00 AM 7,936 fs_rec.sys
03/31/2003 08:00 AM 12,160 fsvga.sys
03/31/2003 08:00 AM 12,032 ws2ifsl.sys
03/31/2003 08:00 AM 3,328 dxgthk.sys
04/07/2003 09:52 PM 21,120 tosbtsd2.sys
07/01/2003 12:52 PM 16,320 tostrans.sys
03/17/2004 11:04 AM 13,059 mdmxsdk.sys
05/17/2004 03:18 PM 8,573 tosrfec.sys
07/17/2004 02:36 PM 64,352 ativmc20.cod
07/18/2004 01:55 AM 129,045 cxthsfs2.cty
08/04/2004 01:29 AM 327,040 ati2mtaa.sys
08/04/2004 01:29 AM 57,856 atinbtxx.sys
08/04/2004 01:29 AM 13,824 atinmdxx.sys
08/04/2004 01:29 AM 14,336 atinpdxx.sys
08/04/2004 01:29 AM 52,224 atinraxx.sys
08/04/2004 01:29 AM 11,615 ati1mdxx.sys
08/04/2004 01:29 AM 12,047 ati1pdxx.sys
08/04/2004 01:29 AM 56,623 ati1btxx.sys
08/04/2004 01:29 AM 30,671 ati1raxx.sys
08/04/2004 01:29 AM 104,960 atinrvxx.sys
08/04/2004 01:29 AM 28,672 atinsnxx.sys
08/04/2004 01:29 AM 63,663 ati1rvxx.sys
08/04/2004 01:29 AM 13,824 atinttxx.sys
08/04/2004 01:29 AM 29,455 ati1xbxx.sys
08/04/2004 01:29 AM 36,463 ati1tuxx.sys
08/04/2004 01:29 AM 26,367 ati1snxx.sys
08/04/2004 01:29 AM 21,343 ati1ttxx.sys
08/04/2004 01:29 AM 73,216 atintuxx.sys
08/04/2004 01:29 AM 31,744 atinxbxx.sys
08/04/2004 01:29 AM 34,735 ati1xsxx.sys
08/04/2004 01:29 AM 63,488 atinxsxx.sys
08/04/2004 01:29 AM 452,736 mtxparhm.sys
08/04/2004 01:29 AM 11,807 wadv07nt.sys
08/04/2004 01:29 AM 11,295 wadv08nt.sys
08/04/2004 01:29 AM 11,935 wadv11nt.sys
08/04/2004 01:29 AM 11,871 wadv09nt.sys
08/04/2004 01:29 AM 22,271 watv06nt.sys
08/04/2004 01:29 AM 25,471 watv10nt.sys
08/04/2004 01:29 AM 166,912 s3gnbm.sys
08/04/2004 01:29 AM 1,897,408 nv4_mini.sys
08/04/2004 01:41 AM 1,309,184 mtlstrm.sys
08/04/2004 01:41 AM 126,686 mtlmnt5.sys
08/04/2004 01:41 AM 13,776 recagent.sys
08/04/2004 01:41 AM 180,360 ntmtlfax.sys
08/04/2004 01:41 AM 129,535 slnt7554.sys
08/04/2004 01:41 AM 404,990 slntamr.sys
08/04/2004 01:41 AM 95,424 slnthal.sys
08/04/2004 01:41 AM 13,240 slwdmsup.sys
08/04/2004 01:41 AM 220,032 hsfbs2s2.sys
08/04/2004 01:41 AM 685,056 hsfcxts2.sys
08/04/2004 01:41 AM 1,041,536 hsfdpsp2.sys
08/12/2004 05:45 PM 113,664 Hdaudio.sys
08/30/2004 04:27 PM 48,640 tosdbt.sys
01/06/2005 01:42 PM 18,612 tosrfnds.sys
04/06/2005 09:54 AM 50,048 tosrfsnd.sys
07/11/2005 06:58 PM 3,712 toshidpt.sys
07/22/2005 11:01 AM 717,952 HSF_CNXT.sys
07/22/2005 11:01 AM 201,600 HSFHWAZL.sys
07/22/2005 11:02 AM 1,035,008 HSF_DPV.sys
08/01/2005 04:45 PM 64,896 tosrfcom.sys
08/09/2005 12:10 PM 133,972 del1028.cty
09/15/2005 06:06 PM 36,480 tosrfbnp.sys
10/03/2005 12:57 PM 86,867 BCOREUSB.sys
10/14/2005 10:10 AM 58,560 ativckxx.vp
11/22/2005 09:47 AM 47,104 tosporte.sys
01/11/2006 05:29 PM 62,848 tosrfhid.sys
01/20/2006 05:08 PM 108,928 tosrfbd.sys
02/08/2006 04:44 PM 929 ativcaxx.vp
02/08/2006 04:44 PM 1,114,674 ativcaxx.cpa
02/09/2006 09:31 PM 39,936 tosrfusb.sys
03/08/2006 12:35 PM 191,872 SynTP.sys
05/23/2006 09:19 PM 45,056 ati2erec.dll
05/23/2006 10:06 PM 1,578,496 ati2mtag.sys
05/23/2006 10:24 PM 28,976 ativvpxx.vp
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
11/21/2006 04:25 AM 45,568 bcm4sbxp.sys
05/10/2007 10:24 AM 1,222,840 sthda.sys
10/09/2007 07:17 PM 33,664 BCMWLNPF.SYS
10/09/2007 07:17 PM 1,123,328 BCMWL5.SYS
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 12:39 PM 20,480 secdrv.sys
04/13/2008 12:39 PM 142,592 aec.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:34 PM 163,584 nwrdr.sys
04/13/2008 02:36 PM 14,208 battc.sys
04/13/2008 02:36 PM 5,888 smbali.sys
04/13/2008 02:36 PM 187,776 acpi.sys
04/13/2008 02:36 PM 13,952 cmbatt.sys
04/13/2008 02:36 PM 10,240 compbatt.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
04/13/2008 02:36 PM 63,744 mf.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 02:36 PM 68,224 pci.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:36 PM 73,472 sr.sys
04/13/2008 02:38 PM 71,168 dxg.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:40 PM 96,512 atapi.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
04/13/2008 02:45 PM 46,592 irbus.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:16 PM 141,056 ks.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
08/14/2008 06:04 AM 138,496 afd.sys
06/22/2009 07:48 AM 91,776 mqac.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
07/16/2009 07:55 AM <DIR> disdn
09/15/2009 02:01 AM 7,387 pctgntdi.cat
09/15/2009 02:12 AM 7,412 PCTAppEvent.cat
09/15/2009 05:20 AM 7,383 pctplsg.cat
09/16/2009 03:20 AM 7,383 pctcore.cat
10/20/2009 12:20 PM 265,728 http.sys
11/23/2009 01:54 PM 88,040 PCTAppEvent.sys
12/31/2009 12:50 PM 353,792 srv.sys
02/05/2010 09:17 AM 233,136 pctgntdi.sys
02/11/2010 08:02 AM 226,880 tcpip6.sys
02/24/2010 09:11 AM 455,680 mrxsmb.sys
03/29/2010 10:06 AM 218,592 PCTCore.sys
04/08/2010 02:29 PM 63,360 pctplsg.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
06/02/2010 09:42 AM 29,584 avgmfx86.sys
07/15/2010 10:56 AM 216,400 avgldx86.sys
07/15/2010 10:57 AM 243,024 avgtdix.sys
08/09/2010 10:17 PM <DIR> UMDF
08/10/2010 09:36 AM <DIR> etc
08/10/2010 09:39 AM <DIR> ..
08/10/2010 09:39 AM <DIR> .
08/10/2010 07:12 PM <DIR> Avg
319 File(s) 35,369,392 bytes
6 Dir(s) 58,393,989,120 bytes free


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
EnableAutodial REG_BINARY 00000000
WarnOnZoneCrossing REG_DWORD 0x0
PrivDiscUiShown REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
ZonesSecurityUpgrade REG_BINARY 9E44FDA77D9CCA01
DisableCachingOfSSLPages REG_DWORD 0x0
ProxyServer REG_SZ http=127.0.0.1:6522
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://att.my.yahoo.com/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCE0200005E0200004E05000020040000
Error Dlg Displayed On Every Error REG_SZ no
Error Dlg Details Pane Open REG_SZ no
NotifyDownloadComplete REG_SZ yes
Use FormSuggest REG_SZ no
AutoSearch REG_DWORD 0x0
AddToFavoritesExpanded REG_DWORD 0x0
StatusBarWeb REG_DWORD 0x0
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY C09E0420C5C2CA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 04AD84DE7D9CCA01
FormSuggest PW Ask REG_SZ no
AutoHide REG_SZ yes
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 345BC457C5C2CA01
HistoryViewType REG_BINARY 08006663030000000000
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Check_Associations REG_SZ yes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{A3BC75A2-1F87-4686-AA43-5347D756017C} REG_SZ
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} REG_SZ AVG Security Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\AVG\AVG9\avgupd.exe REG_SZ C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
C:\WINDOWS\system32\LEXPPS.EXE REG_SZ C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe REG_SZ C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\amg-skipbocastawaycapertm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11b Network Adapter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2286198

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9L

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975364-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979402_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark Supplies Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark Z25-Z35

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMB_ADVMB_FILTER_DRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Works2002Setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\X3watch_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216018FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612B9183-67A9-4B44-9877-2F059E35B86A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6421F085-1FAA-DE13-D02A-CFB412C522A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65C101D4-0032-4970-A99B-476928F3E5D2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6ADD0603-16EF-400D-9F9E-486432835002}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8CFA9151-6404-409A-AF22-4632D04582FD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{911B0409-6000-11D3-8CFE-0050048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3A439E4-7303-491F-A678-CEA36A87D517}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C769A271-7E1C-48F9-B331-474600DD4C06}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C99C0593-3B48-41D9-B42F-6E035B320449}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC19E750-988B-4005-A355-85EF66055EFE}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! BrowserPlus


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.42.34
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo REG_SZ http://www.adobe.com/go/flashplayer/
DisplayIcon REG_SZ C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WorksFUD REG_SZ C:\Program Files\Microsoft Works\wkfud.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
SigmatelSysTrayApp REG_SZ %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Microsoft Works Update Detection REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Microsoft Works Portfolio REG_SZ C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
LXSUPMON REG_SZ C:\WINDOWS\System32\LXSUPMON.EXE RUN
Broadcom Wireless Manager UI REG_SZ C:\WINDOWS\System32\WLTRAY.exe
AVG9_TRAY REG_SZ C:\PROGRA~1\AVG\AVG9\avgtray.exe
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x3watch REG_SZ C:\Program Files\X3watch\x3watch.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FDCCCFA-B319-4B00-BB0F-898A697512B8}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31140676-CDAA-495C-B303-E8A86B8CAC0B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{729D7D66-1765-4103-9E15-C7CB0F99FA94}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A27D98D-491C-4ECA-A45B-7B15C081467A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D594739E-BB5F-44CB-A858-80B832D9847F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E79B45FD-9753-4BEE-AC39-918DDD1F9236}


Windows IP Configuration



Host Name . . . . . . . . . . . . : keogh

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-CE-50-62-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Tuesday, August 10, 2010 7:08:13 PM

Lease Expires . . . . . . . . . . : Wednesday, August 11, 2010 7:08:13 PM



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


MSS log continued file was too long

This is the second half of the posted file.


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
LsaPid REG_DWORD 0x364
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths
REG_SZ C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\
Path REG_SZ C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
REG_SZ C:\PROGRA~1\AVG\AVG9\avgse.dll
Menu1 REG_SZ Scan with &AVG Free
Help1 REG_SZ Scan against viruses with AVG Free

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BIP_Camera1.exe
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BIP_Camera1.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\System32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\System32
CmstpExtensionDll REG_SZ C:\WINDOWS\System32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\Administrator\desktop\combo-fix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ECCenter1.exe
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ECCenter1.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSN6.EXE
REG_SZ C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
Path REG_SZ C:\Program Files\MSN\MSNCoreFiles

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sbase.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\sbase.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\scalc.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\scalc.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sdraw.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\sdraw.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\simpress.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\simpress.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smath.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\smath.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\soffice.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\soffice.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\swriter.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\swriter.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtMng1.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtProc.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TosBtProc1.exe
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\unopkg.exe
REG_SZ C:\Program Files\OpenOffice.org 3\program\unopkg.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office10\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office10\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WirelessFTP1.exe
REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe
Path REG_SZ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\
REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sharedaccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: C:\windows\Downloaded Program Files

FP_AX_CAB_INSTALLER.exe
IEAWSDC.DLL
ieawsdc.inf
PhotoUploader55.inf
PhotoUploader55.ocx
QTPlugin.inf
swflash.inf


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64d6adf4-71f8-11de-88b9-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64d6adf8-71f8-11de-88b9-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ KEOGH
DefaultUserName REG_SZ Administrator
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x1
AltDefaultUserName REG_SZ Administrator
AltDefaultDomainName REG_SZ KEOGH
ChangePasswordUseKerberos REG_DWORD 0x1
LegalNotice Text REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials


Windows Update


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-08-10 12:34:15
LastError REG_DWORD 0x0


Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antivirus: AVG Anti-Virus Free *Scanner enabled* (Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


{END OF FILE}

Re: antivir removal - did updates and OTL scan, logs listed
Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    Code:

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

    :Commands
    [emptytemp]
    [purity]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: antivir removal - did updates and OTL scan, logs listed
Still with us? Please let me know how things are going!
