***Unable to remove AVG / Interfering with Combofix

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

***Unable to remove AVG / Interfering with Combofix6th December 2010, 12:56 pm

Hello,

I woke up this morning to find that I had malware on my computer and used my previous posts to go through the necessary steps. Except I was not able to run Combo Fix on my computer, because AVG was on it. I tried to uninstall AVG unsuccessfully and got this error...

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

Re: ***Unable to remove AVG / Interfering with Combofix6th December 2010, 8:55 pm

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: ***Unable to remove AVG / Interfering with Combofix7th December 2010, 2:47 am

Okay thanks, here's the OTL Log...

OTL logfile created on: 12/6/2010 9:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 9.76 Gb Free Space | 5.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANN-A26CF12946F
Current User Name: Ann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/18 02:32:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/06/29 06:40:17 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/18 22:16:57 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/15 21:11:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/29 07:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/18 07:34:57 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 07:34:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/18 07:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/12 19:20:14 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/15 21:11:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs\OTL.exe
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WmiApSrv)
SRV - [2010/06/29 06:40:17 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/18 07:34:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 07:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/12 19:20:14 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - [2010/06/05 06:46:17 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/11 15:53:40 | 000,016,512 | ---- | M] (SHAPE Services GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mobiolavs.sys -- (mobiolavs)
DRV - [2009/09/08 20:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 20:06:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/18 07:34:57 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 07:34:57 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/16 09:01:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090412.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090412.020\NAVENG.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090406.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/01/16 05:30:47 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/29 20:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/01/18 21:22:12 | 000,006,852 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Vcs.sys -- (Vcs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 20:21:23 | 000,000,000 | ---D | M]

[2010/07/23 12:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions
[2010/07/23 12:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions
[2010/07/23 12:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 12:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\k5ai1jrq.default\extensions\staged-xpis
[2010/08/11 21:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/15 05:32:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Ann\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230603683843 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/29 21:05:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 07:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/06 07:06:39 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Ann\Desktop\TDSSKiller.exe
[2010/12/05 20:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\More Xmas!
[2010/12/05 19:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\Rankin Bass Movies - Need music extracted
[2010/12/04 12:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\PriceGong
[2010/12/02 14:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\CEZEO software
[2010/12/02 14:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\CEZEO software
[2010/12/02 13:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Local Settings\Application Data\Kjs.AppLife.Update
[2010/12/02 13:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Local Settings\Application Data\MariusSoft
[2010/12/02 13:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\MariusSoft
[2010/12/02 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\Misc
[2010/11/20 06:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\New Folder
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/06 21:18:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
[2010/12/06 20:40:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\npawusw.sys
[2010/12/06 20:37:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/06 08:33:59 | 000,014,517 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Sales & Sales Management Job Fair.docx
[2010/12/06 08:18:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
[2010/12/06 07:45:57 | 068,569,954 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/06 07:41:45 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/06 07:41:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/12/06 07:41:40 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/06 07:41:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/06 07:40:21 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Ann\NTUSER.DAT
[2010/12/06 07:40:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ann\ntuser.ini
[2010/12/06 07:40:17 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\IconCache.db
[2010/12/06 07:14:44 | 003,985,074 | R--- | M] () -- C:\Documents and Settings\Ann\Desktop\ComboFix.exe
[2010/12/06 07:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/04 08:21:31 | 000,282,644 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\yamato.jpeg
[2010/12/04 08:19:39 | 000,926,638 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Screen-shot-2010-11-02-at-1_17_55-AM.png
[2010/12/04 08:19:22 | 000,164,768 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\1.jpg
[2010/12/04 08:17:41 | 000,021,932 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\SBYamato_Live_Action_Design.jpg
[2010/12/04 08:01:41 | 000,502,803 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\magilla_gorilla_wallpaper_1024.jpg
[2010/12/03 12:08:19 | 000,013,427 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Bronze Lady.PNG
[2010/12/03 09:36:07 | 011,923,854 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Allied Barton - HR Affidavitt.bmp
[2010/12/03 08:07:31 | 000,019,621 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3 with flower final.PNG
[2010/12/03 07:56:12 | 000,019,628 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3.PNG
[2010/12/03 07:52:38 | 000,018,154 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3 without jacket.PNG
[2010/12/03 07:46:27 | 000,026,599 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Aquaman - Torpedo.PNG
[2010/12/03 06:38:30 | 000,018,009 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Updated Resume 2010.doc.docx
[2010/12/02 14:14:51 | 000,012,422 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Wells Fargo Retirement Solutions Letter.docx
[2010/12/02 14:09:25 | 000,011,628 | ---- | M] () -- C:\Documents and Settings\Ann\My Documents\Letter to Mike Qwest.docx
[2010/12/02 08:34:11 | 000,725,204 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid Tattoo.PNG
[2010/12/02 08:27:06 | 000,017,652 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid-2.PNG
[2010/12/02 08:21:52 | 000,013,834 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid.PNG
[2010/12/02 08:11:43 | 000,023,743 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Lunatic.PNG
[2010/12/02 08:03:56 | 000,026,529 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Pascal - Final.PNG
[2010/12/02 08:03:30 | 000,026,656 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Pascal.PNG
[2010/12/01 15:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/01 14:22:33 | 001,814,270 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Mike ID.PNG
[2010/12/01 11:41:41 | 000,017,957 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Resume 2010.docx
[2010/11/30 15:41:08 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/30 15:41:08 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/30 15:41:07 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/30 14:31:09 | 000,071,658 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Shingles Shots.jpg
[2010/11/30 13:57:46 | 004,639,325 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Allied Barton - Drug Testing receipt from Quest Diagnostics.PNG
[2010/11/30 06:50:34 | 000,016,562 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Level 3 - Contract Project Manager Description.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 21:43:26 | 000,027,658 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Blockbuster II.PNG
[2010/11/28 21:32:10 | 000,025,609 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Crossbow.PNG
[2010/11/28 21:16:59 | 000,028,873 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Living Laser.PNG
[2010/11/28 16:53:54 | 000,059,123 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Doctor Menace the return-2.PNG
[2010/11/28 16:50:26 | 000,057,457 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Doctor Menace the return-1.PNG
[2010/11/27 09:52:41 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Knight Raven - Possessed!.PNG
[2010/11/27 07:56:49 | 000,016,634 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Resume 2010.doc.docx
[2010/11/27 05:20:20 | 000,064,665 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Haunted House with Poem.PNG
[2010/11/26 15:48:52 | 004,415,782 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Qwest 401K.PNG
[2010/11/26 15:46:11 | 003,948,174 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Level 3 401K.PNG
[2010/11/24 21:16:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/21 16:09:32 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\FrostWire 4.21.1.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\biwinemo
[2010/12/06 20:40:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\npawusw.sys
[2010/12/06 08:33:59 | 000,014,517 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Sales & Sales Management Job Fair.docx
[2010/12/04 08:21:34 | 000,282,644 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\yamato.jpeg
[2010/12/04 08:19:45 | 000,926,638 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Screen-shot-2010-11-02-at-1_17_55-AM.png
[2010/12/04 08:19:28 | 000,164,768 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\1.jpg
[2010/12/04 08:17:44 | 000,021,932 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\SBYamato_Live_Action_Design.jpg
[2010/12/04 08:01:43 | 000,502,803 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\magilla_gorilla_wallpaper_1024.jpg
[2010/12/03 12:08:19 | 000,013,427 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Bronze Lady.PNG
[2010/12/03 09:36:05 | 011,923,854 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Allied Barton - HR Affidavitt.bmp
[2010/12/03 08:07:31 | 000,019,621 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3 with flower final.PNG
[2010/12/03 07:52:38 | 000,018,154 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3 without jacket.PNG
[2010/12/03 07:52:09 | 000,019,628 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Joker - Earth 3.PNG
[2010/12/03 07:46:27 | 000,026,599 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Aquaman - Torpedo.PNG
[2010/12/03 06:38:31 | 000,018,009 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Updated Resume 2010.doc.docx
[2010/12/02 14:11:26 | 000,012,422 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Wells Fargo Retirement Solutions Letter.docx
[2010/12/02 14:09:24 | 000,011,628 | ---- | C] () -- C:\Documents and Settings\Ann\My Documents\Letter to Mike Qwest.docx
[2010/12/02 08:34:11 | 000,725,204 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid Tattoo.PNG
[2010/12/02 08:27:06 | 000,017,652 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid-2.PNG
[2010/12/02 08:21:52 | 000,013,834 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Black Orchid.PNG
[2010/12/02 08:11:43 | 000,023,743 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Lunatic.PNG
[2010/12/02 08:03:56 | 000,026,529 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Pascal - Final.PNG
[2010/12/02 08:03:30 | 000,026,656 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Pascal.PNG
[2010/12/01 14:22:32 | 001,814,270 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Mike ID.PNG
[2010/11/30 14:31:24 | 000,071,658 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Shingles Shots.jpg
[2010/11/30 13:57:45 | 004,639,325 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Allied Barton - Drug Testing receipt from Quest Diagnostics.PNG
[2010/11/30 06:50:33 | 000,016,562 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Level 3 - Contract Project Manager Description.docx
[2010/11/29 08:39:51 | 000,017,957 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Resume 2010.docx
[2010/11/28 21:43:26 | 000,027,658 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Blockbuster II.PNG
[2010/11/28 21:32:09 | 000,025,609 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Crossbow.PNG
[2010/11/28 21:16:59 | 000,028,873 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Living Laser.PNG
[2010/11/28 16:53:17 | 000,059,123 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Doctor Menace the return-2.PNG
[2010/11/28 16:50:26 | 000,057,457 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Doctor Menace the return-1.PNG
[2010/11/27 09:52:41 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Knight Raven - Possessed!.PNG
[2010/11/27 07:56:50 | 000,016,634 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Fontaine Resume 2010.doc.docx
[2010/11/27 05:20:20 | 000,064,665 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Haunted House with Poem.PNG
[2010/11/26 15:48:51 | 004,415,782 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Qwest 401K.PNG
[2010/11/26 15:46:10 | 003,948,174 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\Level 3 401K.PNG
[2010/11/24 21:16:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/21 16:09:31 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Ann\Desktop\FrostWire 4.21.1.lnk
[2010/07/18 13:44:35 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ipxroutes.dll
[2010/07/03 21:55:44 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2010/03/14 10:26:22 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/22 20:33:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/03/22 20:33:35 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/03/22 20:29:56 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/03/22 18:38:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/22 18:37:26 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/03/22 18:22:32 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/03/14 08:08:17 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/14 08:08:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/04 16:31:38 | 000,508,200 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/12/30 21:37:54 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/29 22:02:42 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C918AC7F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: ***Unable to remove AVG / Interfering with Combofix7th December 2010, 2:47 am

and here is the Extras log...

OTL Extras logfile created on: 12/6/2010 9:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Ann\Desktop\Anti-Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 9.76 Gb Free Space | 5.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANN-A26CF12946F
Current User Name: Ann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE" = C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE:*:Enabled:ccSvcHst -- (Symantec Corporation)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{083A7AA2-8871-42B0-8513-7428F44DFC38}" = MariusSoft Disk Scrubber
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{28A5BF3F-3EE3-4724-8AF5-4D008F7624A3}" = PC SpeedScan Pro
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{49501340-21F1-4EA3-82DF-E2D7F1B66472}" = Vz In Home Agent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{82C96A65-AF5E-438B-900F-259869219BA0}" = ATI Catalyst Control Center
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EBE1DB0-8687-43A7-8781-6445E62CAFA5}" = Nitro PDF Professional
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1BD3F4E-60CD-4EAF-A82A-74041FFABF87}" = SymNet
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitZipper_is1" = BitZipper 2010
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Chuzzle Deluxe" = Chuzzle Deluxe (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DiskRedactor_is1" = DiskRedactor
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.5.0
"Elf Bowling Collection" = Elf Bowling Collection
"FrostWire" = FrostWire 4.21.1
"GoldWave v5.23" = GoldWave v5.23
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"I was an Atomic Mutant" = I was an Atomic Mutant
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobiola Web Camera for BlackBerry_is1" = Mobiola Web Camera for BlackBerry 3.2.7.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAR Password Recovery" = RAR Password Recovery 5.0
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.303
"Signature Creator_is1" = Signature Creator 1.12
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2010 3:58:39 PM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application pevxgcqaffm.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 7:58:18 AM | Computer Name = ANN-A26CF12946F | Source = Application Error | ID = 1000
Description = Faulting application nitropdfprintermonitor.exe, version 5.5.1.3,
faulting module msvcr80.dll, version 8.0.50727.4053, fault address 0x000046b4.

Error - 12/6/2010 7:59:41 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 7:59:59 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:00:02 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11719
Description = Product: ccCommon -- Error 1719. The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 12/6/2010 8:41:58 AM | Computer Name = ANN-A26CF12946F | Source = Application Error | ID = 1000
Description = Faulting application nitropdfprintermonitor.exe, version 5.5.1.3,
faulting module msvcr80.dll, version 8.0.50727.4053, fault address 0x000046b4.

Error - 12/6/2010 8:42:55 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:43:30 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:44:11 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 10:31:43 AM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 12/5/2010 3:58:39 PM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application pevxgcqaffm.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2010 7:58:18 AM | Computer Name = ANN-A26CF12946F | Source = Application Error | ID = 1000
Description = Faulting application nitropdfprintermonitor.exe, version 5.5.1.3,
faulting module msvcr80.dll, version 8.0.50727.4053, fault address 0x000046b4.

Error - 12/6/2010 7:59:41 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 7:59:59 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:00:02 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11719
Description = Product: ccCommon -- Error 1719. The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 12/6/2010 8:41:58 AM | Computer Name = ANN-A26CF12946F | Source = Application Error | ID = 1000
Description = Faulting application nitropdfprintermonitor.exe, version 5.5.1.3,
faulting module msvcr80.dll, version 8.0.50727.4053, fault address 0x000046b4.

Error - 12/6/2010 8:42:55 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:43:30 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 8:44:11 AM | Computer Name = ANN-A26CF12946F | Source = MsiInstaller | ID = 11706
Description = Product: ccCommon -- Error 1706. No valid source could be found for
product ccCommon. Windows Installer cannot continue.

Error - 12/6/2010 10:31:43 AM | Computer Name = ANN-A26CF12946F | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/6/2010 8:02:13 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/6/2010 8:08:37 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/6/2010 8:08:37 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/6/2010 8:09:46 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/6/2010 8:19:58 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/6/2010 8:40:19 AM | Computer Name = ANN-A26CF12946F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/6/2010 8:42:02 AM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 12/6/2010 8:42:05 AM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 12/6/2010 8:42:13 AM | Computer Name = ANN-A26CF12946F | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BA76F912-936B-4CFC-B3FF-F208012F648F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/6/2010 8:49:07 AM | Computer Name = ANN-A26CF12946F | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

Re: ***Unable to remove AVG / Interfering with Combofix8th December 2010, 11:27 am

What do I need to do now?

Re: ***Unable to remove AVG / Interfering with Combofix8th December 2010, 11:52 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: ***Unable to remove AVG / Interfering with Combofix9th December 2010, 9:01 am

Okay here's the MBAM log...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5275

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2010 10:32:55 PM
mbam-log-2010-12-08 (22-32-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 296261
Time elapsed: 1 hour(s), 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: ***Unable to remove AVG / Interfering with Combofix10th December 2010, 12:39 am

Hello.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: avgremover.exe

IS AVG removed now?

Re: ***Unable to remove AVG / Interfering with Combofix10th December 2010, 2:18 am

Belahzur wrote:

IS AVG removed now?

Yes, that seems to have worked.

I just noticed that there was a log, but its too big to paste in here and for some reason I can't attach the text file here.

Last edited by Misteretc on 10th December 2010, 2:32 am; edited 1 time in total (Reason for editing : log was too big to paste here.)

Re: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 12:49 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 2:11 am

Okay I downloaded it and ran it successfully. I wasn't able to post the log below because it said it was too big, even when I tried to break it down into parts so I attached the text box with the results.

Re: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 5:21 pm

A short time ago I was reading news on MSN and this program downloaded itself onto my computer...

System Tool 2011

It's some kind of new virus program.

Re: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 5:44 pm

Hello.

Don't install system tool. Can you upload the log to www.rapidshare.com and post the share URL back here please?

Re: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 9:57 am

Sure can, in the meantime, here's the log from Mbam that I ran last night after System Tool 2011 downloaded itself to my computer...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5296

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/12/2010 4:54:40 AM
mbam-log-2010-12-12 (04-54-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 298129
Time elapsed: 44 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ann\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.

Re: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 10:28 am

Belahzur wrote:

Hello.

Don't install system tool. Can you upload the log to www.rapidshare.com and post the share URL back here please?

I tried, but had problems with creating an account at rapidshare. Here's the log below (for some reason, now I am able to fit it here)...

ComboFix 10-12-11.03 - Ann 12/12/2010 5:03.16.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.2026 [GMT -5]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Norton 360 *Enabled/Updated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
FW: Norton 360 *Enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\aElAl06301
c:\documents and settings\All Users\Application Data\aElAl06301\aElAl06301
c:\documents and settings\All Users\Application Data\aElAl06301\aElAl06301.exe
c:\documents and settings\Ann\Start Menu\Programs\System Tool
c:\documents and settings\Ann\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\system32\drivers\sukqtref.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_qqukkfws

((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-11 17:11 . 2010-12-11 17:11 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-12-02 19:19 . 2010-12-02 19:19 -------- d-----w- c:\documents and settings\Ann\Application Data\CEZEO software
2010-12-02 19:19 . 2010-12-02 19:19 -------- d-----w- c:\program files\CEZEO software
2010-12-02 18:54 . 2010-12-02 18:54 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Kjs.AppLife.Update
2010-12-02 18:53 . 2010-12-02 18:53 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\MariusSoft
2010-12-02 18:53 . 2010-12-02 18:53 -------- d-----w- c:\program files\MariusSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-03-31 02:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-03-31 02:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 16:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

Code:

<pre>
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Norton 360\oscheck .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-23 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-19 864112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 5:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/20/2009 4:17 PM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [7/3/2010 9:55 PM 6852]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/27/2009 12:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 7:11 PM 101936]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [8/28/2010 4:51 PM 16512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 8:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 klmd21;klmd21;c:\windows\system32\drivers\klmd.sys [12/11/2010 12:11 PM 36488]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 03:17]

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmd21.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 05:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@DACL=(02 0000)
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx 0"=""
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-1"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@DACL=(02 0000)
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-2"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@DACL=(02 0000)
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-3"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@DACL=(02 0000)
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-4"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@DACL=(02 0000)
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-5"
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@DACL=(02 0000)
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-6"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@DACL=(02 0000)
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-7"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@DACL=(02 0000)
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-8"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@DACL=(02 0000)
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-9"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@DACL=(02 0000)
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-10"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@DACL=(02 0000)
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@DACL=(02 0000)
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-12"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@DACL=(02 0000)
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-13"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@DACL=(02 0000)
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-14"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@DACL=(02 0000)
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-16"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@DACL=(02 0000)
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-17"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@DACL=(02 0000)
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-18"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@DACL=(02 0000)
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-19"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@DACL=(02 0000)
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-20"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@DACL=(02 0000)
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-21"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@DACL=(02 0000)
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-15"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2010-12-12 05:18:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 10:17
ComboFix2.txt 2010-12-11 02:09
ComboFix3.txt 2010-08-15 10:37
ComboFix4.txt 2010-07-21 02:13
ComboFix5.txt 2010-12-12 09:58

Pre-Run: 12,548,513,792 bytes free
Post-Run: 11,598,372,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F46C4F5702391D5C921F7451A9A35FDC

Re: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 10:15 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
RenV:: c:\program files\Common Files\Symantec Shared\ccapp .exe c:\program files\Norton 360\oscheck .exe SecCenter:: {17DDD097-36FF-435F-9E1B-52D74245D6BF} Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"=- DDS:: uInternet Settings,ProxyServer = http=127.0.0.1:43902 uInternet Settings,ProxyOverride =
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: ***Unable to remove AVG / Interfering with Combofix13th December 2010, 3:50 am

Thanks! It ran okay and here's the log...

ComboFix 10-12-11.06 - Ann 12/12/2010 22:34:32.17.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1854 [GMT -5:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\jKlHc06301
c:\documents and settings\All Users\Application Data\jKlHc06301\jKlHc06301
c:\documents and settings\All Users\Application Data\jKlHc06301\jKlHc06301.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-11 17:11 . 2010-12-11 17:11 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-12-02 19:19 . 2010-12-02 19:19 -------- d-----w- c:\documents and settings\Ann\Application Data\CEZEO software
2010-12-02 19:19 . 2010-12-02 19:19 -------- d-----w- c:\program files\CEZEO software
2010-12-02 18:54 . 2010-12-02 18:54 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Kjs.AppLife.Update
2010-12-02 18:53 . 2010-12-02 18:53 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\MariusSoft
2010-12-02 18:53 . 2010-12-02 18:53 -------- d-----w- c:\program files\MariusSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-03-31 02:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-03-31 02:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 16:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

Code:

<pre>
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Norton 360\oscheck .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-23 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-19 864112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2009 5:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/20/2009 4:17 PM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [7/3/2010 9:55 PM 6852]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/27/2009 12:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 7:11 PM 101936]
R3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [8/28/2010 4:51 PM 16512]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 8:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 klmd21;klmd21;c:\windows\system32\drivers\klmd.sys [12/11/2010 12:11 PM 36488]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 03:17]

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003Core.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-515967899-1801674531-1003UA.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 17:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}]
@DACL=(02 0000)
@="Group Policy Environment"
"ProcessGroupPolicy"="ProcessGroupPolicyEnviron"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyEnviron"
"ProcessGroupPolicyEx 0"=""
"EventSources"="(Group Policy Environment,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-1"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}]
@DACL=(02 0000)
@="Group Policy Local Users and Groups"
"ProcessGroupPolicy"="ProcessGroupPolicyLocUsAndGroups"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyLocUsAndGroups"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExLocUsAndGroups"
"EventSources"="(Group Policy Local Users and Groups,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-2"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}]
@DACL=(02 0000)
@="Group Policy Device Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyDevices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDevices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDevices"
"EventSources"="(Group Policy Device Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-3"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}]
@DACL=(02 0000)
@="Group Policy Network Options"
"ProcessGroupPolicy"="ProcessGroupPolicyNetworkOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetworkOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetworkOptions"
"EventSources"="(Group Policy Network Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-4"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}]
@DACL=(02 0000)
@="Group Policy Drive Maps"
"ProcessGroupPolicy"="ProcessGroupPolicyDrives"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDrives"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDrives"
"EventSources"="(Group Policy Drive Maps,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-5"
"PerUserLocalSettings"=dword:00000001
"NoBackgroundPolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}]
@DACL=(02 0000)
@="Group Policy Folders"
"ProcessGroupPolicy"="ProcessGroupPolicyFolders"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolders"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolders"
"EventSources"="(Group Policy Folders,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-6"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}]
@DACL=(02 0000)
@="Group Policy Network Shares"
"ProcessGroupPolicy"="ProcessGroupPolicyNetShares"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyNetShares"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExNetShares"
"EventSources"="(Group Policy Network Shares,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-7"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}]
@DACL=(02 0000)
@="Group Policy Files"
"ProcessGroupPolicy"="ProcessGroupPolicyFiles"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFiles"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFiles"
"EventSources"="(Group Policy Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-8"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}]
@DACL=(02 0000)
@="Group Policy Data Sources"
"ProcessGroupPolicy"="ProcessGroupPolicyDataSources"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyDataSources"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExDataSources"
"EventSources"="(Group Policy Data Sources,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-9"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}]
@DACL=(02 0000)
@="Group Policy Ini Files"
"ProcessGroupPolicy"="ProcessGroupPolicyIniFile"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyIniFile"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExIniFile"
"EventSources"="(Group Policy Ini Files,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-10"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}]
@DACL=(02 0000)
@="Group Policy Services"
"ProcessGroupPolicy"="ProcessGroupPolicyServices"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyServices"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExServices"
"EventSources"="(Group Policy Services,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-11"
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}]
@DACL=(02 0000)
@="Group Policy Folder Options"
"ProcessGroupPolicy"="ProcessGroupPolicyFolderOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyFolderOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExFolderOptions"
"EventSources"="(Group Policy Folder Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-12"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}]
@DACL=(02 0000)
@="Group Policy Scheduled Tasks"
"ProcessGroupPolicy"="ProcessGroupPolicySchedTasks"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicySchedTasks"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExSchedTasks"
"EventSources"="(Group Policy Scheduled Tasks,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-13"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}]
@DACL=(02 0000)
@="Group Policy Registry"
"ProcessGroupPolicy"="ProcessGroupPolicyRegistry"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegistry"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegistry"
"EventSources"="(Group Policy Registry,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-14"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@DACL=(02 0000)
@="Group Policy Printers"
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
"EventSources"="(Group Policy Printers,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-16"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@DACL=(02 0000)
@="Group Policy Shortcuts"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
"EventSources"="(Group Policy Shortcuts,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-17"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@DACL=(02 0000)
@="Group Policy Internet Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
"EventSources"="(Group Policy Internet Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-18"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@DACL=(02 0000)
@="Group Policy Start Menu Settings"
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
"EventSources"="(Group Policy Start Menu Settings,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-19"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@DACL=(02 0000)
@="Group Policy Regional Options"
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
"EventSources"="(Group Policy Regional Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-20"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@DACL=(02 0000)
@="Group Policy Power Options"
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
"EventSources"="(Group Policy Power Options,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-21"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@DACL=(02 0000)
@="Group Policy Applications"
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"DllName"=expand:"gpprefcl.dll"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
"EventSources"="(Group Policy Applications,Application)"
"DisplayName"=expand:"@gpprefcl.dll,-15"
"PerUserLocalSettings"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-12 22:47:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-13 03:47
ComboFix2.txt 2010-12-12 10:18
ComboFix3.txt 2010-12-11 02:09
ComboFix4.txt 2010-08-15 10:37
ComboFix5.txt 2010-12-13 03:22

Pre-Run: 11,568,705,536 bytes free
Post-Run: 11,562,471,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 94CC17897999BD55A8C8A70A179A13D5

Re: ***Unable to remove AVG / Interfering with Combofix13th December 2010, 11:42 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: ***Unable to remove AVG / Interfering with Combofix14th December 2010, 5:32 pm

Thanks! Here is the log below...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=f36567a16cc78148b486ee3eb746938b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-14 02:41:52
# local_time=2010-12-14 09:41:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777214 0 2 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=168798
# found=10
# cleaned=10
# scan_time=6227
C:\Documents and Settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\13\d1e278d-156399f1 Java/Mugademel.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\18\319a4952-22148ad5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\21\2ac5d895-7e26ad96 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\25\591ffc59-35df65e9 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\61\15f4a3fd-517cf6dd a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Desktop\Music\BSINSTALL.exe probably a variant of Win32/Agent.HNJSBPX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Desktop\My Art\Games\GAY.exe Win32/Joke.Flash.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Desktop\My Tunes\Downloaded Music\Diana Vickers - Hallelujah.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ann\Desktop\My Tunes\Twilight\Twilight Soundtrack robert pattinson -never think.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Re: ***Unable to remove AVG / Interfering with Combofix14th December 2010, 11:27 pm

Hello.

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\Documents and Settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 11:19 am

Okay I did that and here is the log...

========== FILES ==========
C:\Documents and Settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4 folder moved successfully.

OTL by OldTimer - Version 3.2.6.0 log created on 12152010_061922

Re: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 10:58 pm

I'm having some very strange problems. Now, my Internet Explorer is acting up. I'm not able to copy and paste anything without an error happening with Internet Explorer. So for example if I try to open a new window and copy/paste anything into my Google search, my system freezes up for a second and then says that there is an error with Internet explorer and makes it shut down. I tried to reset Internet Explorer and also disable the add-ons but this did not help. What do I do now?

PS: I have Internet Explorer 8

Re: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 11:40 pm

Disable the add-ons manually or did you use Internet Explorer without add-ons option?

Re: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 12:36 am

I did it manually. However, I now have new information. I decided to run MBAM and found that there is a "Trojan.Dropper" on my computer. My system won't allow me to copy and paste the log here, but it apparently did not remove it.

Re: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 1:26 am

Try this for IE.
Right click the IE icon > Run without add-ons.

Where did MBAM detect the threat?

Re: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 11:45 am

Here's the MBAM log..

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5324

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2010 7:27:53 PM
mbam-log-2010-12-15 (19-27-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 294276
Time elapsed: 1 hour(s), 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ann\local settings\temp\0.6793691432041693.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 11:41 pm

Hello.

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

MBAM shouldn't detect that threat anymore, but run a new scan, and post the new log when done.

Re: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 4:04 pm

Here's the Log...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5339

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/17/2010 11:03:38 AM
mbam-log-2010-12-17 (11-03-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 283493
Time elapsed: 53 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 4:06 pm

I'm having a problem though. My computer keeps going through the reboot sequence without getting to my Windows Desktop. The only way, is for me to hit F8 and go into "Safe Mode with Networking". Now what do I do?

Yikes

Re: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 11:24 pm

Hello.
Is their a lot of data on this machine? a quick way would be to format, but if you don't have anything much worth losing, then a format maybe an option.

Re: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 2:36 am

Belahzur wrote:

Hello.
Is their a lot of data on this machine? a quick way would be to format, but if you don't have anything much worth losing, then a format maybe an option.

I have alot of stuff on this computer that I need. Its weird, its works in Safe Mode, why not in regular?

Re: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 3:29 am

Here's what I did, when I rebooted, I used F8 and selected an option for the computer not to reboot if it encountered an error. I was able to get in just fine and everything seems to work fine, except for Internet explorer. It's having problems just like before. Otherwise, everything else seems to work okay.

Re: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 11:37 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

C:\Program Files\Internet Explorer\iexplore.exe" -extoff

Does that open explorer correctly? if so, try using it, see if you encounter any problems now.

Re: ***Unable to remove AVG / Interfering with Combofix19th December 2010, 3:37 am

Belahzur wrote:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

C:\Program Files\Internet Explorer\iexplore.exe" -extoff

Does that open explorer correctly? if so, try using it, see if you encounter any problems now.

There is no difference. (Except the problem does not exist while my computer is running in "Safe Mode"...

1). Copy and try to paste.
2). Computer locks up for a minute and does not allow me to paste
3). The computer then says that Dr Watson is trying to debug the webpage (or if I'm not using Internet explorer, Dr Watson is trying to debug the application.

***Note: Sometimes after Internet explorer comes up, it says that my security settings are not correct and offers to correct them if I allow it.

Re: ***Unable to remove AVG / Interfering with Combofix21st December 2010, 1:56 am

What can I do to fix this problem?

Re: ***Unable to remove AVG / Interfering with Combofix22nd December 2010, 12:21 am

It's only IE that has this issue yes? IE should be dumped as a usable browser really and move onto Chromium based browsers, like Chrome or Iron.

Re: ***Unable to remove AVG / Interfering with Combofix22nd December 2010, 12:21 pm

Belahzur wrote:

It's only IE that has this issue yes? IE should be dumped as a usable browser really and move onto Chromium based browsers, like Chrome or Iron.

Well, I think its more than that. I was experimenting and found that even with IE closed, it seems that I have major problems being able to "copy and paste". It's very strange.

***Unable to remove AVG / Interfering with Combofix

description***Unable to remove AVG / Interfering with Combofix6th December 2010, 12:56 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix6th December 2010, 8:55 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix7th December 2010, 2:47 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix7th December 2010, 2:47 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix8th December 2010, 11:27 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix8th December 2010, 11:52 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix9th December 2010, 9:01 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix10th December 2010, 12:39 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix10th December 2010, 2:18 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 12:49 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 2:11 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 5:21 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix11th December 2010, 5:44 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 9:57 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 10:28 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix12th December 2010, 10:15 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix13th December 2010, 3:50 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix13th December 2010, 11:42 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix14th December 2010, 5:32 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix14th December 2010, 11:27 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 11:19 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 10:58 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix15th December 2010, 11:40 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 12:36 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 1:26 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 11:45 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix16th December 2010, 11:41 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 4:04 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 4:06 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix17th December 2010, 11:24 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 2:36 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 3:29 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix18th December 2010, 11:37 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix19th December 2010, 3:37 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix21st December 2010, 1:56 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix22nd December 2010, 12:21 am

descriptionRe: ***Unable to remove AVG / Interfering with Combofix22nd December 2010, 12:21 pm

descriptionRe: ***Unable to remove AVG / Interfering with Combofix