WiredWX Hobby Weather Tools

 


Win32/Cryptor Virus- Plz Help Remove

2 posters

I have run AVG 2011, AVG PC Tuneup, Avira Antivirus, Registry Repair Wizard, and Spyware Doctor to try and remove this virus, but none of it worked. It all started one day when AVG said its VDB failed, but I ignored it and went on the web, in which case I caught the virus and now it won't go away. It always pops up, according to AVG, in the C:\Windows\Temp\(insert long random number here).exe. My computer is slow as a snail now, hidden folders become visible, identity protection in AVG is at risk, Windows' windows turn into the Windows 95 look, etc. Plz help me.
Here is a quick spec of my computer:
Windows Vista Home Premium (32 Bit)
Service Pack 2
Vaio VGN-CR420E Laptop
Intel Core 2 Duo CPU T8100 @ 2.10GHz
3 GB RAM

Re: Win32/Cryptor Virus- Plz Help Remove

Here is the OTL file. It's very long, so I will split it into parts:
OTL logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/29 17:59:20 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
PRC - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/06/20 16:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/25 23:56:48 | 001,540,480 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/20 09:45:10 | 000,764,232 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2011/01/01 01:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 02:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2008/01/20 22:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/06/15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
MOD - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/12/01 01:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/12/01 01:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/12/01 01:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 05:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT3001725
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49717

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e55bf35&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/24 23:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/24 23:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 10:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/06 13:09:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/03 18:15:10 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/08/16 11:22:01 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/08/05 12:20:03 | 000,000,000 | ---D | M] (Quizulous_v2b Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{ec173f7c-6744-441f-be93-c7cc43103ba5}
[2011/08/05 12:20:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/07/03 18:14:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\plugin@yontoo.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2011/08/16 11:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\trash
[2011/07/03 18:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/04/13 15:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 19:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/24 23:19:17 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKXRI7HD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/18 10:40:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:29:25 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/08/29 15:29:25 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/08/29 15:29:25 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/08/29 15:23:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/08/29 15:23:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/08/29 15:23:45 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/08/29 15:21:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/08/29 15:21:04 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/08/29 15:20:58 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:58 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/08/29 15:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/08/29 15:20:51 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG
[2011/08/28 16:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/28 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/08/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/25 08:28:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AVG Security Toolbar
[2011/08/24 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}
[2011/08/24 23:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
[2011/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
[2011/08/23 10:00:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
[2011/08/23 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
[2011/08/21 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
[2011/08/21 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
[2011/08/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
[2011/08/21 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
[2011/08/21 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
[2011/08/21 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
[2011/08/19 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
[2011/08/19 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
[2011/08/19 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
[2011/08/18 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
[2011/08/18 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
[2011/08/17 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
[2011/08/17 10:04:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
[2011/08/13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
[2011/08/11 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
[2011/08/11 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
[2011/08/11 09:58:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 09:58:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 09:58:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 09:58:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 09:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:54:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:54:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
[2011/08/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
[2011/08/10 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
[2011/08/09 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ventrilo
[2011/08/09 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/08/09 17:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/08/09 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/08/09 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/09 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011/08/07 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ED1D73E-89E1-4B58-B73B-CB5A3FEB76B5}
[2011/08/07 18:54:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/07 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{29048A1C-25BB-44AD-AF90-E44AA9A38E8C}
[2011/08/06 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/06 13:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/06 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/04 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E59ED909-6070-4B59-ACD7-14904DD4C097}
[2011/08/04 15:38:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D4DD2F3A-9BE7-4D8A-B547-38884AF5A0AA}
[2011/08/03 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6029DEFE-64DF-4756-90B7-9873C930ECAB}
[2011/08/02 23:18:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{31B66B3B-8BB7-49DB-8443-DBB3BE0D56B7}
[2011/08/02 07:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B2F5446C-29A1-4E59-B1D3-0B0FCD4A8574}
[2011/08/01 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{57709E64-5F64-4FF3-99BB-3B4FD4F434A4}
[2011/07/31 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4EE62924-CCD9-48A9-BDB9-D0C6AEF23F7D}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Re: Win32/Cryptor Virus- Plz Help Remove

[2011/08/30 12:05:46 | 130,537,212 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 10:34:28 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 10:00:52 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 10:00:52 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 01:38:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/29 19:33:03 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:55 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 12:52:18 | 000,660,786 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/08/28 16:18:38 | 000,000,954 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | M] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | M] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 23:19:08 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/24 19:03:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/21 18:33:26 | 000,309,821 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\adeb.exe
[2011/08/10 09:16:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/09 17:40:15 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:40:10 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:38:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 15:23:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/08/29 15:23:46 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/08/29 15:23:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/08/29 15:23:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/08/29 15:23:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/08/29 15:21:04 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/08/29 15:20:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/08/29 15:20:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/08/29 15:20:55 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 15:20:51 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/08/28 16:18:38 | 000,000,954 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | C] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | C] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\adeb.exe
[2011/08/09 17:40:10 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:38:52 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ytig.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfje.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ujjt.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\runx.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\pbex.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\nsmp.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\epjr.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\bndp.exe
[2011/07/09 15:00:59 | 000,000,996 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\033E.F6A
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/08/18 10:40:11 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/08/18 10:39:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/08/18 10:39:55 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mshtml.tlb
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2010/01/10 00:45:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/06/16 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/21 11:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2011/04/18 01:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/08/29 15:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Antbar
[2010/01/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/08 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/08/28 16:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/08/28 02:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/05/26 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/26 23:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2010/12/16 00:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/08/06 13:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/11 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/08/29 15:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/28 19:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/08/27 12:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2011/01/18 22:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Daum
[2011/08/20 12:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2011/08/27 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2011/05/26 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/05/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Hide Folder
[2011/07/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/08/30 12:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Giraffic
[2009/12/02 06:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2011/05/24 19:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2011/08/27 13:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/28 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/24 18:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/25 21:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Access for Windows
[2009/11/30 07:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Copier 1.0
[2011/08/24 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/01 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/09 16:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2009/11/29 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\JoinSaw
[2011/08/28 02:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Keyword Search
[2011/08/27 13:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\LeagueOfLegends
[2010/11/09 07:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/16 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/28 19:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/09 06:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 18:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 11:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 10:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/07 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/11/28 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2010/10/30 21:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/06 13:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/01/01 01:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/06 02:20:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/08/28 10:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\SmartPCTools
[2011/07/03 18:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\SocialRibbons LP 1
[2011/02/20 00:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Solveig Multimedia
[2009/11/28 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/08/30 12:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2011/08/11 10:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2011/08/21 19:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\StartNow Toolbar
[2009/11/28 19:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/08/09 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/06/06 00:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2009/11/29 21:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\ToneThis
[2011/08/27 01:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/12 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/09 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/03/29 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2011/02/10 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/07 16:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon - AOL Toolbar
[2010/11/22 14:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2010/01/07 16:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/29 21:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/11/28 19:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2009/11/30 17:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/30 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/07 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/12/01 02:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/30 17:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/29 21:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/29 21:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/11/29 21:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/03 18:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-29 00:31:50

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Re: Win32/Cryptor Virus- Plz Help Remove

Here is the Extra:
OTL Extras logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A3D323-AE69-4DE2-B20F-ACCD952022AA}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{0B0713A4-CA87-42F8-AB4B-38DE8B7FA903}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{0B437597-91EF-42A3-BEC6-D43CBA9222E0}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |
"{0BBF5271-DA8D-4564-967C-8245F4AFC4AF}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{1099C141-8C65-4FCE-AE4F-D063BB1EB89B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{10DA03A8-274C-4DD6-85D0-1CC6766CAAF6}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{12412044-A9F3-4037-BC49-677FD3972556}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{13483F27-4AAF-4235-A32B-2DE9C19EFBA8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{13E87C8A-F3B4-417E-AA61-9F23EB0873BF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{159837C9-F3DD-45DC-9483-307B67E4E10D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{165993D4-4D63-4531-903F-F1E916BB8384}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{173B904F-A81A-4B55-9F42-65C2307AF996}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{183FEC8C-88F1-41F7-80E9-C09E0F381913}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{190093A6-614D-4A09-96B6-2AB1A1118444}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{190DB5F1-9AA2-4A88-A516-A71667196A02}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{1E5ED2CF-72CB-4909-8ADC-A29828AC95A3}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{1E97B74A-B4A6-43ED-9D69-ED6B4500060E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{1F91D7E5-53D4-4362-A312-90E482C2A841}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21D2777A-40CD-47D6-B46D-8A6D4D8A6427}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{23146826-E32C-47BF-BEA4-E7B2A44A126A}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{23A52D61-64B0-4C5F-884C-2F78DCC776F6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{25E3EE3D-9957-4AA7-812B-4CE3FC2BEB50}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{279260E5-FEF1-4DB7-B866-2CE073445A00}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{29B04333-9197-4E2B-9EDF-6C95AAFB3D8B}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{2C52FFEA-719E-45AC-BE84-C88F424D0C64}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{2C750EA4-FA4E-41CD-9CAE-96A57512922F}" = lport=445 | protocol=6 | dir=in | app=system |
"{319615F0-7C04-4D39-9D1F-383B0579A388}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{31B8E44A-F45C-4B6E-AB3B-E03920840ABE}" = rport=138 | protocol=17 | dir=out | app=system |
"{339128DA-2C68-442F-9B62-4CC245DC5CF2}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{33B09F2B-3247-4851-B1C5-8B6677BEF614}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{35A8FD7D-C834-49FF-BCD5-75CE6514853E}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{37288CCB-70A9-4210-933E-43D867DB5385}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{375745D7-220F-4A3F-905D-7E4440DAC2B7}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{39D89762-3F9F-41E2-B3FC-E2FCA2FAA8DF}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher |
"{3A5215C0-225C-4708-ACFD-B2E81BFB0B32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{3A54002D-1F39-474F-91B6-FA7235ED00A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AF7E628-326A-4A6F-89FD-CBD0DEFED23A}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{3BB38632-7C07-4A8D-98E1-36105981F5CB}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{404431FF-962B-462F-A7EB-A97A6180F2F1}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{40A0A23D-C8AC-4BD4-80C5-FC7469509B45}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{40A90B69-094D-43F3-8856-C5A00E00515E}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{442A4B0D-5A61-415B-B348-90A3F189003F}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{455355F8-B43C-4F12-97A6-D656995DA4CB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{46B0C7D6-3C7D-496B-97DF-F54BA880FA09}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{470B7EDE-EE29-4E60-A81B-619BA6C63583}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{49ADEAF0-D126-4A6E-86F8-C76B000FBE03}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4A3A0410-A36F-46F9-9C96-37E69677DAC5}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{4B06C6E8-1CEF-427B-996A-727D93AD3BD1}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{4B90E19A-4172-46FD-8508-D4DA4AA5ECE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D0FFFC2-802C-406C-8D05-02E948E55FF1}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{4D94FCF6-ECA4-4A4C-A534-BD865B5C6CB2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{4DCC247D-90E1-470C-AEA0-DC3094059E3C}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{4F0179D7-2EAB-4C05-92CB-09EF741E7DFC}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{4FC9CF35-609E-40A0-85A1-5B1FA5DFEDA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50CBDF4C-CFFF-4066-8F66-5A94509B473D}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{51FB9642-1DA8-47A0-9EF9-71C54685A667}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{54EA3E4C-AF1A-4F0A-B059-2FAF09F04B07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56D5542D-DBFE-4364-B229-6D6A03A4A756}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher |
"{56E08EDF-6FAD-40EB-82C4-CA08CF13BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57236925-6ACB-4AD4-A260-EA5E896F9A0C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5278EF-D558-4610-B277-1B79E233D2AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5ADE2B52-F095-4A30-8973-AF770706A098}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{5D4D7938-6AF8-49D8-B383-7382BA2FF027}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{5E0F8E79-6597-4E42-A00B-937A9BD1F81D}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{5F1FAD54-88FF-4BD1-A9AD-B798E4728965}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |
"{5F5C2F26-4046-4DD2-AB47-13A5CE45CE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69038CCF-006D-44C0-B237-336DD2B582A1}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{69194A7D-6E07-45D4-B74E-AAEEAAEC9160}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{699CFBAF-F787-4CA5-818D-212E0FEC9BB4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{6B46DD77-8662-4EAF-B256-E91C41922D9F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C17F023-650E-4EBC-96C4-B0C84BC906C4}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{6E880397-5FEC-4C74-88A1-D3BA1391A733}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{6E9470F1-C8CE-4AC8-B5B6-7018C590BC70}" = lport=138 | protocol=17 | dir=in | app=system |
"{7374D1D9-C807-4ECC-AB06-3847E7B41693}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{76989483-6CB1-4877-A5DC-808BA02FE60D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76E9FDB7-6CA9-4DD5-B0CF-59C98B28B7EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{7757FE35-6D4A-4F09-ADCC-9A27BA52EEFD}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{794A3C33-A9CD-46C5-9A55-97E6DE532E73}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{795D5D37-8A20-4DC1-9D9E-B318E7FDFAF9}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{7E654170-7387-4BA3-8433-D9D4CC1EFB02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{813A9B45-D3B1-4A6D-9209-7C11318CA0FC}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{81AEA6C0-B5FD-41CF-AEB7-532760B0F165}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{84B13428-C3D4-4E25-AC13-38EB091DC467}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{88BB4695-5A68-46E1-B73B-8224391DFD0B}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{88CAB7E9-7884-4CBC-8228-35A416D5C18E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{8B9EC83C-5769-444B-9490-11A236CBE83F}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{8C52F557-3FD4-4059-82F1-7536A5CCF2E7}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{90FC84BB-9604-4FC6-AA58-42459DF24E7A}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{939E5701-E8C9-45AE-8100-68522DEE4C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95BA6732-3EB9-43CD-AD2B-A92F4FFC53FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97524C56-CFE7-46B8-AB10-E3E23FB9D9D9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{980DE2E7-4E66-4B2A-94C8-2B24FE521710}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{9BD81228-B8AF-4729-9D94-EC39F9023094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DF7D15E-EE1D-4110-B7C2-27F04EC67216}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C28F9-3D30-499F-88E7-B2C1F0191F80}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{9E601724-B8DE-4200-9545-90AAE42E57FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A024A2A9-4FD7-41B4-BB7F-1C9C1B68214B}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher |
"{A46800FC-E0BE-4F5D-B871-DA551E1C2347}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A701BE5E-87CA-4036-BCDC-D769816FBACB}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{A8F32150-09E3-46D8-BA43-79F3579888DA}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{A97990D9-53FF-417B-A63E-97211678CC4E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD4EB7DC-9E0D-4325-9DE9-5A55AB1D1421}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{AEAFFBFC-363D-46A0-969A-B74CE8B453F3}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{AF4206F9-4544-47B9-B0BB-7790FE40C970}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{B23BAECD-5057-4719-8BB1-183C92F69185}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530D81E-D7C9-4D52-994E-05C33084E62A}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{B8538551-3AA1-4586-9C35-7EAEB1320A81}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{B89ADA89-D1A2-439D-A3C6-A0CC778561C7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{BDBEC5EB-12D7-4B3C-AA0A-57615F40AE38}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{C232EB13-277F-4E64-B626-B753D100814A}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{C2AAA4EF-7AF5-44D4-9A0C-C3E1E18EB183}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{C386B2D5-2FDC-464C-9D9B-A265CB5C2539}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{C645F34C-FE6F-4E98-A287-A7F8BEFBB275}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{C90AA3F7-CF70-4F06-A8B4-B1F6BF1448A0}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{C90E1B62-6764-476C-ACC3-6ECD65439A3C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{CC60E6A5-737A-4906-8992-72378B712488}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{CEF3EE49-D9F1-4584-91BE-FC687498433F}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher |
"{D112D3C9-288E-420A-8A9F-345AD69C510F}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{D1E551C1-A721-4EC1-AD8A-B8A552BE9C01}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{D1EDAD76-FE38-446A-BC62-25559DA8A20D}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{D23C8CF6-0E0D-4749-A41A-64577D550DA1}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{D449411C-E9EC-4B46-8117-827A1A749AD2}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{D45E0D78-74AB-4EC0-8671-F85C8A63413F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{D503811E-A8E1-4AB9-903B-585CF3ADBDBC}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{D5725A21-5C09-44E4-82FA-DBC721203675}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{D5BFE526-02F8-4A57-B0C2-4B6B37496914}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{D617BB75-A207-4E46-9B16-E42AA65BB87D}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{D6912923-1DF6-458C-9A0D-788703D75DA7}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{D8899722-DC18-40CC-9750-8FF7A2488FC1}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{DCE1BA94-471A-4DA2-B712-2594A9A33A0E}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{DDBB8C43-3DC1-4362-98CF-1FDE043F399E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F041061E-5215-44DC-B6F5-474A3B39B4AC}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{F3C31069-07F5-4372-8089-EE0389E9964B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5815EFE-E650-43AE-9661-2038DADFC880}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{F7922FFB-CBC8-474D-ACAD-A2D7B688C550}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F85C9794-5DB3-4418-A50C-7F6517C89C3C}" = lport=49335 | protocol=6 | dir=in | name=akamai netsession interface |
"{F867D1CC-715E-41F8-8DF7-D5BD70027605}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{FB9298C3-5001-466F-8FA3-9A1D8E76A0F7}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{FD8D6D24-47FF-493D-9084-B0C0CAA1D93F}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{FE7B498F-8E99-4CBD-9887-09897873901B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{FF6C43B0-DE05-4E5F-BED7-F1E6DB06CE42}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECA16D-755D-4E9C-9832-9090EF6A7ADD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C43F356-6C53-42D3-B0DA-287B59BF23B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{107847FD-907A-4DE0-80C0-AD15D3A1BB9F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{11A645F6-16F6-4FA5-A44D-E1997D572104}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15007A92-3C24-4E92-81C6-A5C8FC46B61A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29165D34-2BD2-45BE-BBAA-35D96A79FCA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3092CD86-98D1-4233-8368-EE6CA0BB3748}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3AD2F8EB-2A45-4961-B768-A49AB6A65927}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3B1BDAD6-EBA2-4832-A3D3-ED8CB66A8887}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{3E0F4B6B-4379-4625-8729-FD86039C3DB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{42BE5386-FDD7-4223-9888-277DB3D3DBCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{478BCCF8-FE7E-4E29-ACE0-E11DD4143109}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488C3249-6CF3-4F75-B34F-A5C9E69D311D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B42CC87-61D2-4799-90E4-0550499BBA32}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4CC85903-88C0-4BAD-A660-25A4836E50EA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{533039FE-52B0-4B8F-8853-59451DCA2F72}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56AD7F71-A53D-4DAE-A197-770223BA557B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{575A2FE7-D75B-4172-9F56-5B2248D776A0}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{5870BD9C-BF07-44B2-B75B-0D3FDE4B9DB9}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{5CB28A0F-267F-4C0E-8238-74DBFC373500}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5DB7E2B1-FBEA-4956-832A-45E082DFF3A7}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{6DA9C81F-C01F-4DB4-BBA8-60D91AF59EEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{737221E6-84BA-42A9-AFD1-3D8C549A3DA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7C0A1EE6-5372-4F01-A657-BC4C00C23B3C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7E784AEE-9644-4F1B-88DA-BE8F8A1DC872}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8628E406-BDD7-4E8A-939F-76EDAF978B82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88BDD46D-46A4-4B4C-9FBD-5D65EA032BF4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8B02DB57-3090-47D0-B382-692785A0D670}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8B1D4979-5756-4123-8183-D72AE6000E45}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{944845B5-F603-45FB-9311-A97335DF2BCC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{945F1F97-881E-498C-9657-EDC69FFA4882}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9723D8EB-F55A-4038-BE41-8F773554ECA9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{979DF4DF-58D1-4D46-9FF4-644373D6771A}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9BE02B71-4EA7-4EAD-8B52-727B956E58D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A2892120-330B-488F-B327-CC701287E30A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4070725-CE07-4808-8BB5-02148A4F568D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AAF6FFF4-D180-4B51-BABE-C5A2FFC8705A}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{B2ABDD43-C8B8-4EBE-B810-3464ECE1D604}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F42550-EDF8-4B4F-A0A7-B94118EC95D4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{BE34851B-CFC5-4DE8-9D5E-08DA11EF2C64}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{BE5B3715-C928-48EC-B8CE-B22C086D124C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C2DA1FA0-A126-41B3-B593-777B34DD04F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C350AD24-59C6-4F46-90AB-BB18453273EE}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{C6EEE6A8-78C6-44A0-86FA-77D094F9A501}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CFFFFECB-85EE-4D02-BE1D-97D53EA659BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1055954-8A9E-490D-BC02-D56ADCE75698}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D61E30C9-1A22-44F9-AF5A-521FDBF182C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB90B36E-1BC6-4F8D-998B-3E05652A1FE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E0D31C3B-985A-4C80-97D8-C355E83175CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0F62584-5F8C-4B2D-A817-F2C19B2B4249}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{E5956A52-2F57-4A1F-A750-40F0D05943B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E7A3E060-F639-4D6A-95FE-C338DE43BF47}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EE37BF2A-E961-4043-B1C8-D070172EBC24}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{F1A90838-F1D7-4904-94B8-8513442E0C8B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FADFB46C-298C-4081-8E14-1FD635714E89}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{FB915FAF-237F-42AE-AD1A-18C11A4AB4F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FD4F45A6-D41B-4767-B0C4-6D0602E365E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FE14BABD-B1B1-4FD4-80A2-51D00DD8205E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF5EFFFB-5F7C-4EB9-8D44-75444652CC58}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{0D83FA58-36B4-45B5-AA7F-C8CA485FD7A1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{1416E23D-9E10-4C07-8EA4-6D4EFA9B3F57}I:\techwizard.exe" = protocol=6 | dir=in | app=i:\techwizard.exe |
"TCP Query User{8460E902-AEBD-4A36-AEC5-F4431D7B9549}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{AE553DD2-4BEE-48DD-85F4-D364E1120831}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F7AF3BB6-586F-4F88-AAA2-F7F8E9B23B0D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{41C33E99-5FA7-4260-80A2-D034DF4F8884}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{67C8C370-6DCB-4CB3-BB75-ECA5121E71FB}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{71950748-4285-4CC2-9457-956C98A52C84}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9D513242-3561-4D05-9921-68E8C74B64C8}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{B75D48F9-4303-488E-9354-4B589B4BF954}I:\techwizard.exe" = protocol=17 | dir=in | app=i:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = AcronisĀ TrueĀ ImageĀ Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"AVG" = AVG 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 3.1_is1" = AVS Video Editor 3.1.1.93
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DemoApp" = Fast File Saw & Joiner V3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Hide Folder" = Free Hide Folder
"Free Video Dub_is1" = Free Video Dub version 1.8.11.426
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Giraffic" = Giraffic Video Accelerator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"iPod Access for Windows_is1" = iPod Access for Windows v4.4.1
"Keyword Search" = Keyword Search
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 12.0" = RealPlayer
"Registry Repair Wizard_is1" = Registry Repair Wizard
"Revo Uninstaller" = Revo Uninstaller 1.92
"SocialRibbons LP 1" = SocialRibbons LP 1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"StartNow Toolbar" = StartNow Toolbar 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"ToneThis" = ToneThis
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Verizon - AOL Toolbar" = Verizon - AOL Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2011 1:07:27 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 9:54:45 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:12:31 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x5dc, application
start time 0x01cc671c0135d2df.

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/30/2011 10:55:22 AM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 8/30/2011 11:50:50 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 11:52:04 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 11/29/2009 9:02:11 PM | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/30/2011 10:28:46 AM | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =

Error - 8/30/2011 11:49:38 AM | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:26 AM on 8/30/2011 was unexpected.

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/30/2011 11:52:42 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Win32/Cryptor Virus- Plz Help Remove

Here is the aswMBR AND the Security Check checkup.txt
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 12:52:20
-----------------------------
12:52:20.820 OS Version: Windows 6.0.6002 Service Pack 2
12:52:20.820 Number of processors: 2 586 0x1706
12:52:20.821 ComputerName: ADMIN-PC UserName: Admin
12:52:44.412 Initialize success
12:54:53.855 AVAST engine defs: 11083001
12:56:36.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:56:36.171 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
12:56:36.174 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
12:56:36.177 Disk 1 Vendor: ( Size: 114473MB BusType: 0
12:56:36.181 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
12:56:36.184 Disk 2 Vendor: ( Size: 114473MB BusType: 0
12:56:36.188 Disk 0 MBR read error 0
12:56:36.191 Disk 0 MBR scan
12:56:36.297 Disk 0 unknown MBR code
12:56:36.301 MBR BIOS signature not found 0
12:56:36.306 Disk 0 scanning sectors +234436545
12:56:36.441 Disk 0 scanning C:\Windows\system32\drivers
12:57:09.237 Service scanning
12:57:12.640 Service .avgldx86 \* **LOCKED** 123
12:57:13.117 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:57:13.770 Modules scanning
12:57:26.300 Disk 0 trace - called modules:
12:57:26.307 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x86c794c0]<<
12:57:26.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86752820]
12:57:26.323 3 CLASSPNP.SYS[8ab688b3] -> nt!IofCallDriver -> [0x8664f3b8]
12:57:26.329 5 PCTCore.sys[8273deae] -> nt!IofCallDriver -> [0x84d914f8]
12:57:26.334 7 acpi.sys[805c16bc] -> nt!IofCallDriver -> [0x84d916c0]
12:57:26.339 \Driver\atapi[0x86b59030] -> IRP_MJ_CREATE -> 0x86c794c0
12:57:29.242 AVAST engine scan C:\Windows
12:57:35.076 AVAST engine scan C:\Windows\system32
13:02:13.151 AVAST engine scan C:\Windows\system32\drivers
13:02:35.563 AVAST engine scan C:\Users\Admin
13:06:36.427 AVAST engine scan C:\ProgramData
13:16:05.032 Scan finished successfully
13:18:30.732 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
13:18:30.744 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

____________________________________________________________
Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
AVG PC Tuneup 2011
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFService.exe
``````````End of Log````````````

Re: Win32/Cryptor Virus- Plz Help Remove

bump

Re: Win32/Cryptor Virus- Plz Help Remove

Hi there jungwpark!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Before doing anything, you really need to uninstall some of your security software. All that stuff just gets in each other's way. Running two antivirus programs is a particularly bad idea. Your computer will slow down a lot and be unstable because of it. I suggest you uninstall everything except for Avira.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
C:\ProgramData\734ic5kl480kc2nvg31
C:\Users\Admin\AppData\Local\wggl.exe
C:\ProgramData\rgdu.exe
C:\Users\Admin\AppData\Local\qerj.exe
C:\ProgramData\qdrn.exe
C:\Users\Admin\AppData\Local\klfm.exe
C:\ProgramData\jatr.exe
C:\Users\Admin\AppData\Local\fsfb.exe
C:\ProgramData\adeb.exe
C:\Users\Admin\AppData\Local\ytig.exe
C:\ProgramData\yfje.exe
C:\Users\Admin\AppData\Local\ujjt.exe
C:\Users\Admin\AppData\Local\runx.exe
C:\ProgramData\pbex.exe
C:\Users\Admin\AppData\Local\nsmp.exe
C:\ProgramData\epjr.exe
C:\ProgramData\bndp.exe
C:\Users\Admin\AppData\Local\brv.exe
C:\Users\Admin\AppData\Local\amo.exe

:otl

:commands
[reboot]

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

You have a bunch of toolbars installed, some of them are not recommended (adware). I would uninstall all of them except for the ones you really like and use.

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Re: Win32/Cryptor Virus- Plz Help Remove

Thank you for your response. Honestly, I wuz getting worried as to whether someone will actually take up this task of helping me xD.
So, I have uninstalled AVG 2011, and Spyware Doctor (the other 2 anti virus programs other than avira, respectively) and have run the OTL "run fix" and the MBAM. I will post the results here:

OTL Run Fix Results:
========== FILES ==========
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31 moved successfully.
C:\ProgramData\734ic5kl480kc2nvg31 moved successfully.
C:\Users\Admin\AppData\Local\wggl.exe moved successfully.
C:\ProgramData\rgdu.exe moved successfully.
C:\Users\Admin\AppData\Local\qerj.exe moved successfully.
C:\ProgramData\qdrn.exe moved successfully.
C:\Users\Admin\AppData\Local\klfm.exe moved successfully.
C:\ProgramData\jatr.exe moved successfully.
C:\Users\Admin\AppData\Local\fsfb.exe moved successfully.
C:\ProgramData\adeb.exe moved successfully.
C:\Users\Admin\AppData\Local\ytig.exe moved successfully.
C:\ProgramData\yfje.exe moved successfully.
C:\Users\Admin\AppData\Local\ujjt.exe moved successfully.
C:\Users\Admin\AppData\Local\runx.exe moved successfully.
C:\ProgramData\pbex.exe moved successfully.
C:\Users\Admin\AppData\Local\nsmp.exe moved successfully.
C:\ProgramData\epjr.exe moved successfully.
C:\ProgramData\bndp.exe moved successfully.
File\Folder C:\Users\Admin\AppData\Local\brv.exe not found.
File\Folder C:\Users\Admin\AppData\Local\amo.exe not found.
========== OTL ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.6 log created on 09042011_013459
___________________________________________________________

MBAM Log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7647

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 2:22:12 AM
mbam-log-2011-09-04 (02-22-05).txt

Scan type: Quick scan
Objects scanned: 175324
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{610EBFCC-8014-4224-8789-FA7E8E705569} (Adware.Torangz) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\torangcomz.DLL (Adware.Torangz) -> No action taken.
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Once again, thank you for your help and I eagerly wait for your response.
~jungwpark

Re: Win32/Cryptor Virus- Plz Help Remove

OK, we cleaned up some stuff.
Malwarebytes found some things - you should allow malwarebytes to clean that up too.

  • Please run Malwarebytes' Anti-Malware
  • Click the Update tab and click Check for Updates.
  • After that, click the Scanner tab, select Perform Quick Scan and click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the contents of the MBAM log in your next reply, please.
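
Added example (not part of the thread and not Malwarebytes' own code): every detection in the first MBAM log above ends in "No action taken", which is why the scan is repeated with Remove Selected. This Python sketch parses log lines of that shape, checks the item count against the log's own summary, and lists what is still unremediated; the class and function names and the user-writable-directory heuristic are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the two MBAM logs posted in this
# thread, with the summary counts adjusted to match the excerpt.
SAMPLE_LOG = r'''
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Admin\AppData\Local\Temp\ms1cfg32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
'''

# Line shapes inferred from the MBAM 1.51 logs in this thread (assumption).
COUNT_RE = re.compile(r'^(?P<section>.+) Infected: (?P<count>\d+)$')
HEADER_RE = re.compile(r'^(?P<section>.+) Infected:$')
ITEM_RE = re.compile(r'^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$')
DATA_RE = re.compile(r'^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$')
FIRST_PROGRAM_RE = re.compile(r'^"([^"]+)"|^(\S+)')
# Triage heuristic chosen for this example, not a Malwarebytes rule.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')


@dataclass
class Finding:
    section: str
    item: str
    name: str
    action: str
    bad: Optional[str] = None   # flagged registry data, if the line has it
    good: Optional[str] = None  # value MBAM would restore

    @property
    def remediated(self) -> bool:
        return not self.action.lower().startswith('no action taken')

    @property
    def launcher(self) -> Optional[str]:
        """First program named in the flagged ("Bad") command line."""
        m = FIRST_PROGRAM_RE.match(self.bad or '')
        return (m.group(1) or m.group(2)) if m else None

    @property
    def wraps_real_program(self) -> bool:
        """Launcher in a user-writable dir that is handed another .exe to run."""
        exe = (self.launcher or '').lower()
        in_user_dir = any(part in exe for part in USER_WRITABLE)
        return in_user_dir and self.bad.lower().count('.exe') > 1


def parse_log(text):
    """Return (declared count per section, list of Finding)."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            declared[m['section']] = int(m['count'])
        elif m := HEADER_RE.match(line):
            section = m['section']
        elif section and (m := ITEM_RE.match(line)):
            detail, _, action = m['rest'].rpartition(' -> ')
            data = DATA_RE.match(detail)
            bad, good = (data['bad'], data['good']) if data else (None, None)
            findings.append(Finding(section, m['item'], m['name'], action, bad, good))
    return declared, findings


def count_mismatches(declared, findings):
    """Sections whose parsed item count differs from the log's own summary
    (a sign of a truncated or edited paste): {section: (declared, parsed)}."""
    parsed = Counter(f.section for f in findings)
    return {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}


def unremediated(findings):
    """Findings the scan reported but did not remove."""
    return [f for f in findings if not f.remediated]


if __name__ == '__main__':
    declared, findings = parse_log(SAMPLE_LOG)
    print('count mismatches:', count_mismatches(declared, findings) or 'none')
    for f in unremediated(findings):
        print('STILL PRESENT', f.name, f.item, f.launcher if f.wraps_real_program else '')
```

On the sample, the Firefox start-menu command is reported as still hijacked by a launcher under AppData, even though the OTL fix earlier in the thread logged that same file as not found.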

Re: Win32/Cryptor Virus- Plz Help Remove

Thank you for your fast response; it always feels good when others aid people in need of help with fervor ^-^.
So, I have run the MBAM and it found 2 more infections, which MBAM repaired. Here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7649

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 10:08:15 AM
mbam-log-2011-09-04 (10-08-15).txt

Scan type: Quick scan
Objects scanned: 175472
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Admin\AppData\Local\Temp\ms1cfg32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.

Yours truly,
jungwpark

Re: Win32/Cryptor Virus- Plz Help Remove

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 27

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 27).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have UAC disabled. From a security point of view, this is not recommended.

How is your computer running now?

Re: Win32/Cryptor Virus- Plz Help Remove

Sorry for the very late reply. I was very busy with work and had no time to even check the computer at nights after work. Thank you for your dedication to helping me & my dilemma. The virus seems to be cleared now and the computer is running like it did before the virus hit. Your expertise in this field is envious from my point of view, and hope that u help others just as dedicated and sincere. Tyvm gabethebabe.

Re: Win32/Cryptor Virus- Plz Help Remove

Time to uninstall used tools.

  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

All right! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

Re: Win32/Cryptor Virus- Plz Help Remove

Thank you once again gabethebabe for your help. But I think I need help with one more issue. After the virus has been wiped, it seems that I cannot access some websites and get the message "unable to connect". Would you know how to fix this issue?

Re: Win32/Cryptor Virus- Plz Help Remove

Does the following help:

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.
