1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Access Denied Host File

Discussion in 'Malware Removal Help' started by pack1977, Dec 2, 2009.

  1. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    I have a computer filled with malware, have run malware-bytes and spy-bot search. When I run spy-bot it finds infections but when it goes to clean them I get a message that says my etc file access denied. So it never fully cleans my computer.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Welcome to Computer Help Forums Pack!

    What are the symptoms? You may want to take a look at http://computerhelpforums.net/malware-removal/46793-preparation-for-malware-removal-help.html posted by one of our malware removal experts. You indicate that you are experienced so I will leave it to you and any malware experts that reply as to whether you should start the process. If you do decide that is the way to go following these directions will speed up the process. If necessary this thread will be moved to the removal forum which has limited access for a better "one on one."
     
  3. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    Here are the reports you asked for. I did go through your preperation guide after I posted my problem. I will copy them to a post.
     
  4. Match

    Match Registered Members

    Joined:
    Apr 23, 2009
    Messages:
    4,175
    Location:
    Wolverhampton, UK.
    Computer Brand or Motherboard:
    Abit AN52
    CPU:
    AMD Athlon dual core 5000+
    Memory:
    4 Gig Corsair
    Hard Drive:
    160 Gb Hitachi 500 Gb Western Digital
    Graphics Card:
    Radion XFX 4650
    Power Supply:
    550W EZcool
    if you could copy and paste them into a thread in Malware removal I'm sure Starbuck will get to work on them ASAP
     
  5. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    Malwarebytes' Anti-Malware 1.41
    Database version: 3269
    Windows 5.1.2600 Service Pack 3

    12/1/2009 3:59:01 PM
    mbam-log-2009-12-01 (15-59-01).txt

    Scan type: Quick Scan
    Objects scanned: 145410
    Time elapsed: 9 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 753
    Registry Values Infected: 13
    Registry Data Items Infected: 5
    Folders Infected: 2
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-Trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoTrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantiVirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hackTracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_Internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_AntiSpyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procExplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Enterprise Suite (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=241&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=241&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=241&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=241&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=241&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\Luke\Application Data\Enterprise Suite (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MIchelle\Application Data\Enterprise Suite (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\MIchelle\Application Data\Enterprise Suite\Instructions.ini (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MIchelle\Desktop\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MIchelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke\Start Menu\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MIchelle\Start Menu\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke\Start Menu\Programs\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MIchelle\Start Menu\Programs\Enterprise Suite.lnk (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\7e65e71\WE7e65.exe (Rogue.EnterpriseSuite) -> Quarantined and deleted successfully.
     
  6. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    OTL logfile created on: 12/2/2009 10:51:16 AM - Run 1
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Luke\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 354.27 Mb Available Physical Memory | 34.97% Memory free
    2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 75.42 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 107.41 Gb Total Space | 63.29 Gb Free Space | 58.92% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTER-57F7CF
    Current User Name: Luke
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\Luke\Local Settings\Temp\IadHide5.dll (BackWeb)


    ========== Win32 Services (SafeList) ==========

    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (gupdate1c9beb396e4039e) Google Update Service (gupdate1c9beb396e4039e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)


    ========== Driver Services (SafeList) ==========

    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
    DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
    DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
    DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
    DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
    DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
    DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
    DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
    DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
    DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
    DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: (7427 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 Secured Home of securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 89.248.168.187 google.ae
    O1 - Hosts: 89.248.168.187 google.as
    O1 - Hosts: 89.248.168.187 google.at
    O1 - Hosts: 89.248.168.187 google.az
    O1 - Hosts: 89.248.168.187 google.ba
    O1 - Hosts: 89.248.168.187 google.be
    O1 - Hosts: 89.248.168.187 google.bg
    O1 - Hosts: 89.248.168.187 google.bs
    O1 - Hosts: 89.248.168.187 google.ca
    O1 - Hosts: 197 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
    O4 - Startup: C:\Documents and Settings\Luke\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.34.9/ttinst.cab (Toontown Installer ActiveX Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/23 07:57:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\AutoRun\command - "" = E:\system32\rundll.exe -- File not found
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\explore\command - "" = E:\system32\rundll.exe -- File not found
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\open\command - "" = E:\system32\rundll.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/02 10:21:40 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/02 10:21:39 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/01 16:18:43 | 00,000,000 | -H-D | C] -- C:\$AVG
    [2009/12/01 16:18:15 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/12/01 16:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/01 11:03:09 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2009/12/01 11:03:07 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2009/12/01 11:03:07 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2009/12/01 11:03:03 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2009/12/01 11:02:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2009/12/01 11:02:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2009/12/01 11:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\PC Tools
    [2009/12/01 11:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2009/11/30 15:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\Malwarebytes
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/11/30 09:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/11/30 09:51:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Desktop\Applications
    [2009/11/24 14:01:35 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\WEEQYGTGUS
    [2009/11/24 14:00:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\7e65e71
    [2009/11/13 19:10:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\Downloads
    [2009/11/13 19:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Tracing
    [2009/11/12 17:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2009/11/12 17:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2009/11/12 16:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

    ========== Files - Modified Within 30 Days ==========

    [2009/12/02 10:52:46 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/12/02 10:48:58 | 13,725,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2009/12/02 10:48:56 | 10,091,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2009/12/02 10:48:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/02 10:47:21 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/12/02 10:43:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/02 10:43:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/02 10:43:01 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\Luke\NTUSER.DAT
    [2009/12/02 10:43:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Luke\ntuser.ini
    [2009/12/02 10:39:36 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/02 10:16:24 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/02 10:15:06 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/02 09:08:06 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009/12/01 16:23:25 | 45,983,486 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/01 16:18:16 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:18:15 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:17:57 | 00,088,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/01 16:02:28 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/12/01 10:12:40 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-111918.backup
    [2009/12/01 10:12:40 | 00,007,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/12/01 09:08:57 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-095448.backup
    [2009/11/30 09:37:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-124434.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111814.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111812.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111805.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111804.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111803.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111802.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111801.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111800.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111755.backup
    [2009/11/25 07:33:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/24 23:57:09 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgwxks.sys
    [2009/11/18 21:56:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/18 13:37:30 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/11/16 19:08:53 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2009/11/14 06:33:58 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2009/12/02 10:48:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/01 16:18:16 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:17:57 | 45,983,486 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/01 16:17:57 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:17:57 | 00,088,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/01 11:03:09 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2009/12/01 11:03:07 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2009/12/01 11:03:07 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2009/12/01 11:03:03 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
    [2009/11/30 09:52:05 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/11/24 23:57:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgwxks.sys
    [2009/08/12 07:59:05 | 00,000,404 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/03/30 11:46:35 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/03/07 13:36:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/12/27 14:06:38 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\wklnhst.dat
    [2008/12/11 21:54:05 | 00,000,363 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2008/12/11 21:20:29 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2008/11/06 14:40:29 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
    [2008/10/22 15:58:54 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2008/10/11 15:42:34 | 00,012,334 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/26 15:38:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2008/06/04 10:38:00 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2008/05/30 16:17:22 | 00,000,045 | ---- | C] () -- C:\WINDOWS\STORYMKR.INI
    [2008/05/27 10:24:17 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/05/27 10:18:20 | 00,002,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/05/26 21:05:54 | 00,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2008/05/23 09:45:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2006/11/07 20:19:10 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
    [2006/11/07 20:19:08 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
    [2006/11/07 20:19:08 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
    [2006/11/07 20:19:02 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2006/11/07 20:19:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1994/12/20 23:00:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== LOP Check ==========

    [2009/11/24 14:02:25 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\7e65e71
    [2009/12/01 16:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/06/11 10:23:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/11/09 08:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2008/10/04 14:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2009/09/06 16:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/12/02 10:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/24 14:01:35 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\WEEQYGTGUS
    [2008/12/15 10:54:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Image Zone Express
    [2008/12/27 14:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Template

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E499B52
    @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82591FF7
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88D32024
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  7. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    OTL Extras logfile created on: 12/2/2009 10:51:16 AM - Run 1
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Luke\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 354.27 Mb Available Physical Memory | 34.97% Memory free
    2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 75.42 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 107.41 Gb Total Space | 63.29 Gb Free Space | 58.92% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTER-57F7CF
    Current User Name: Luke
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Documents and Settings\All Users\Application Data\7e65e71\WE7e65.exe" = C:\Documents and Settings\All Users\Application Data\7e65e71\WE7e65.exe:*:Enabled:Enterprise Suite -- File not found
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1D940D16-66F9-4BF1-99C6-3C26729C3E17}" = Print Perfect Platinum
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
    "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
    "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6959A52E-2B55-4042-9DF7-0F31EBDEDA60}" = EZface ActiveX 210
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6C16AACD-F64B-B55D-617B-B60716068DD3}" = eBay Desktop
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82A51429-57E5-4F83-B030-539EDE2464DB}" = MSN Toolbar
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
    "{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
    "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
    "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "am-dinerdash" = Diner Dash
    "Arcade Frenzy" = Disney's Arcade Frenzy
    "Arthur's 2nd Grade" = Arthur's 2nd Grade
    "Ask Toolbar_is1" = Ask Toolbar
    "AVG9Uninstall" = AVG Free 9.0
    "BFGC" = Big Fish Games Client
    "BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
    "BFG-Diner Dash - Hometown Hero" = Diner Dash: Hometown Hero
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSA480" = Canon PowerShot A480 Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Data Doctor Recovery Digital Pictures (Demo)" = Data Doctor Recovery Digital Pictures (Demo)
    "DBXTriever_is1" = DBXTriever 3.15
    "Diner Dash Flo On The Go_is1" = Diner Dash Flo On The Go
    "Diner Dash™" = Diner Dash™
    "dinerdash2restaurantrescue" = Diner Dash 2 - Restaurant Rescue
    "Disney's Toontown Online" = Disney's Toontown Online
    "Free Realms Installer" = Free Realms Installer
    "GameHouse" = GameHouse
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "Greetings Workshop" = Greetings Workshop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Indeo® software" = Indeo® software
    "InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "InterActual Player" = InterActual Player
    "Lemmings Revolution" = Lemmings Revolution
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Musicnotes Player_is1" = Musicnotes Player V1.23.1
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NASCAR Racing 1999 Edition" = NASCAR Racing 1999 Edition
    "Need For Speed II SE" = Need For Speed II SE
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NROS" = NROS
    "Personal Printing Guide" = Canon Personal Printing Guide
    "Photo Viewer S3.0_is1" = Photo Viewer S3.0
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Product_Name" = Minnesota Cuke
    "Reader Rabbit 2nd Grade(R) Mis-cheese-ious Dreamship Adventures(TM)" = Reader Rabbit 2nd Grade(R) Mis-cheese-ious Dreamship Adventures(TM)
    "RealArcade" = RealArcade
    "RealPlayer 6.0" = RealPlayer
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Rhapsody" = Rhapsody
    "Sierra Utilities" = Sierra Utilities
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "Spyware Doctor" = Spyware Doctor 7.0
    "SystemRequirementsLab" = System Requirements Lab
    "TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/26/2009 9:18:07 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/28/2009 9:37:01 AM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/28/2009 9:37:02 AM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/28/2009 7:43:32 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2009 1:40:34 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2009 1:40:56 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2009 1:41:02 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2009 1:41:05 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2009 11:06:24 PM | Computer Name = COMPUTER-57F7CF | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/6/2009 9:00:26 PM | Computer Name = COMPUTER-57F7CF | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module flash10b.ocx, version 10.0.22.87, fault address 0x002247ca.

    [ System Events ]
    Error - 12/2/2009 12:39:51 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 12/2/2009 12:39:51 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7031
    Description = The AVG Free WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Linksys Updater service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Canon Camera Access Library 8 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/2/2009 12:39:52 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Pure Networks Platform Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/2/2009 12:39:54 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 12/2/2009 12:44:05 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2


    < End of report >
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pack1977

    Ok, that took some going through :)

    MBAM made a big dent in the rubbish, let's see if we can make an even bigger dent now.

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\AutoRun\command - "" = E:\system32\rundll.exe -- File not found
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\explore\command - "" = E:\system32\rundll.exe -- File not found
    O33 - MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\Shell\open\command - "" = E:\system32\rundll.exe -- File not found
    [2009/11/24 14:01:35 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\WEEQYGTGUS
    [2009/11/24 14:00:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\7e65e71
    [2009/12/01 10:12:40 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-111918.backup
    [2009/12/01 09:08:57 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-095448.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-124434.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111814.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111812.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111805.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111804.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111803.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111802.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111801.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111800.backup
    [2009/11/25 14:25:20 | 00,007,427 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-111755.backup
    
    :files
    @C:\Documents and Settings\All Users\Application Data\TEMP:7E499B52
    @C:\Documents and Settings\All Users\Application Data\TEMP:82591FF7
    @C:\Documents and Settings\All Users\Application Data\TEMP:88D32024
    @C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      .
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Make sure that you can see hidden files.
    1. Click Start.
    2. Click My Computer.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide protected operating system files (recommended) option.
    7. Click Yes to confirm.
    8. Uncheck the Hide file extensions for known file types.
    9. Click OK.

    Please click this link-->Jotti

    When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

    C:\WINDOWS\System32\drivers\zgwxks.sys

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: VirusTotal - Free Online Virus and Malware Scan

    Step 3
    Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7


    Reboot the system once they have been removed.

    In your next reply, please submit:
    OTL report (that comes up after the fix)
    Jotti scan report

    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  9. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    Here are the results of the scans:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
    Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\Program Files\WebEx\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\ deleted successfully.
    C:\WINDOWS\System32\svchost.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ not found.
    File E:\system32\rundll.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ not found.
    File E:\system32\rundll.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72f2c852-ac7f-11de-83a4-001d097c1a70}\ not found.
    File E:\system32\rundll.exe not found.
    C:\Documents and Settings\All Users\Application Data\WEEQYGTGUS folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\7e65e71\WESSys folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\7e65e71\Quarantine Items folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\7e65e71\BackUp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\7e65e71 folder moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091201-111918.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091201-095448.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-124434.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111814.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111812.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111805.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111804.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111803.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111802.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111801.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111800.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20091130-111755.backup moved successfully.
    ========== FILES ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E499B52 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:82591FF7 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:88D32024 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Luke
    ->Temp folder emptied: 981602 bytes
    ->Temporary Internet Files folder emptied: 6787182 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: MIchelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.44 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.11.4 log created on 12032009_084210

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Luke\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...


    Jotti's Scan Results:

    This file has been scanned before. The results for this previous scan are listed below.





    --------------------------------------------------------------------------------

    Filename: pvawr.sys
    Status: Scan finished. 3 out of 21 scanners reported malware.
    Scan taken on: Thu 26 Nov 2009 06:02:16 (CET) Permalink
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pack1977,

    Well, 'Google' didn't have anything on it.... and coupled with the fact that 3 scanners say it's bad.... i'll go with that.

    Let's get rid of it and then get another type of scan .... to check even deeper.

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    [2009/11/24 23:57:09 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgwxks.sys
    
    :commands
    [emptytemp]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      .
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    [​IMG]


    [​IMG]

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      If running Vista, you may not see this screen
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    In your next reply, please submit:
    OTL report that comes up after the fix
    Combofix.txt

    Also let me know how things are running now.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  11. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    The machine is running fine. I tried to disable my AVG using services and the task manager. Didn't work so well, when I ran the combo fix it said it was still running. It also said that Enterprise Suite was running, this is the malware I can't seem to shake I guess. Anyways here are the scan reports:

    All processes killed
    ========== OTL ==========
    C:\WINDOWS\system32\drivers\zgwxks.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Luke
    ->Temp folder emptied: 907615 bytes
    ->Temporary Internet Files folder emptied: 5622377 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: MIchelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 579168 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.83 mb


    OTL by OldTimer - Version 3.1.11.4 log created on 12032009_153832

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    ComboFix 09-12-03.02 - Luke 12/03/2009 16:02.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.332 [GMT -6:00]
    Running from: c:\documents and settings\Luke\Desktop\Applications\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Enterprise Suite *On-access scanning enabled* (Updated) {F1C7A8F3-B848-4EAD-A596-88B0E3671695}
    FW: Enterprise Suite *enabled* {69C0295C-229F-4EAE-9CEF-239ACC472894}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Luke\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Luke\Local Settings\Temp\IadHide5.dll
    c:\documents and settings\MIchelle\My Documents\ZbThumbnail.info
    c:\program files\SGPSA
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\system32\drivers\ndisrd.sys
    c:\windows\system32\ndisapi.dll

    Infected copy of c:\windows\system32\hid.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\hid.dll

    Infected copy of c:\windows\system32\midimap.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\midimap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_NDISRD
    -------\Service_NDISRD


    ((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
    .

    2009-12-03 21:53 . 2009-12-01 22:17 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-12-03 21:53 . 2009-12-01 22:17 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-03 21:53 . 2009-12-01 22:17 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2009-12-03 21:53 . 2009-12-01 22:17 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-12-03 14:42 . 2009-12-03 14:42 -------- d-----w- C:\_OTL
    2009-12-01 22:18 . 2009-12-01 22:38 -------- d-----w- C:\$AVG
    2009-12-01 22:18 . 2009-12-01 22:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-01 22:18 . 2009-12-01 22:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-01 22:18 . 2009-12-01 22:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-01 22:18 . 2009-12-01 22:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-01 22:17 . 2009-12-03 21:52 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-12-01 22:17 . 2009-12-01 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-11-30 21:15 . 2009-11-30 21:15 -------- d-----w- c:\documents and settings\Luke\Application Data\Malwarebytes
    2009-11-30 15:56 . 2009-11-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-30 15:56 . 2009-11-30 15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-30 15:54 . 2009-11-30 15:54 -------- d-----w- c:\program files\AVG
    2009-11-14 01:06 . 2009-12-03 22:16 -------- d-----w- c:\documents and settings\Luke\Tracing
    2009-11-12 23:05 . 2009-12-01 16:12 -------- d-----w- c:\documents and settings\MIchelle\Tracing
    2009-11-12 23:01 . 2009-11-12 23:01 -------- d-----w- c:\program files\Microsoft
    2009-11-12 23:01 . 2009-11-12 23:01 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-12 22:56 . 2009-11-12 22:56 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-11-11 21:51 . 2009-11-11 21:52 1408800 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
    2009-11-11 02:19 . 2009-11-11 02:19 79488 ----a-w- c:\documents and settings\Luke\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-03 22:16 . 2008-09-02 02:09 -------- d-----w- c:\documents and settings\Luke\Application Data\OpenOffice.org2
    2009-12-03 15:28 . 2008-11-09 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-03 15:07 . 2008-05-26 22:33 -------- d-----w- c:\program files\Java
    2009-12-02 18:07 . 2008-12-31 04:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-02 17:39 . 2009-04-16 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-12-01 16:46 . 2008-06-13 00:45 -------- d-----w- c:\documents and settings\MIchelle\Application Data\OpenOffice.org2
    2009-11-30 21:15 . 2009-07-28 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-24 23:55 . 2008-05-23 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-24 20:33 . 2008-06-13 00:46 1 ----a-w- c:\documents and settings\MIchelle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-11-20 13:39 . 2008-06-05 02:21 11294 ----a-w- c:\documents and settings\MIchelle\Application Data\wklnhst.dat
    2009-11-16 00:10 . 2008-10-04 20:09 -------- d-----w- c:\program files\Musicnotes
    2009-11-12 23:05 . 2008-05-27 03:06 92232 ----a-w- c:\documents and settings\MIchelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-12 23:00 . 2008-05-26 22:36 -------- d-----w- c:\program files\Windows Live
    2009-11-11 21:52 . 2009-05-06 20:30 127325 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\uninstall.exe
    2009-11-11 21:52 . 2008-06-03 18:04 -------- d-----w- c:\documents and settings\MIchelle\Application Data\Move Networks
    2009-11-11 21:52 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\plugins\npqmp071505000011.dll
    2009-11-10 00:29 . 2008-07-07 17:33 -------- d-----w- c:\documents and settings\MIchelle\Application Data\Yahoo!
    2009-11-01 21:59 . 2009-10-28 02:19 -------- d-----w- c:\documents and settings\MIchelle\Application Data\ZoomBrowser EX
    2009-10-28 02:19 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\MIchelle\Application Data\CameraWindowDC
    2009-10-28 02:11 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\MIchelle\Application Data\CANON INC
    2009-10-28 01:56 . 2009-10-28 01:53 -------- d-----w- c:\program files\Canon
    2009-10-28 01:54 . 2009-10-28 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-10-28 01:53 . 2009-10-28 01:53 -------- d-----w- c:\program files\Common Files\Canon
    2009-10-26 01:00 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\plugins\npqmp071505000010.dll
    2009-10-14 08:01 . 2008-06-05 02:16 -------- d-----w- c:\program files\Microsoft Works
    2009-10-12 12:39 . 2009-10-12 12:35 91648 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 20:54 . 2009-07-28 22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 20:53 . 2009-07-28 22:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-10 03:33 . 2009-08-30 03:34 181480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-11 185872]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-01 2020120]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-26 16132608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    c:\documents and settings\MIchelle\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1996-6-24 40448]
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\Luke\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-7-22 151552]
    Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-01 22:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 4:18 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 4:18 PM 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/1/2009 4:17 PM 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/1/2009 4:17 PM 285392]
    S2 gupdate1c9beb396e4039e;Google Update Service (gupdate1c9beb396e4039e);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2009 10:51 AM 133104]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
    S3 papycpu;papycpu; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2009-12-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:49]

    2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 16:51]

    2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 16:51]

    2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Search - ?p=GRxdm016YYUS
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-am-dinerdash - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
    AddRemove-dinerdash2restaurantrescue - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
    AddRemove-GameHouse - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
    AddRemove-RealArcade - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
    AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe uninstall



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-12-03 16:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3952)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.BIN
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-03 16:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-03 22:22

    Pre-Run: 80,989,659,136 bytes free
    Post-Run: 85,028,270,080 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" oexecute=optin /fastdetect

    - - End Of File - - 51A445DC68025D9DD879EE95F0BC53F5
     
  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pack1977,

    CF turned up some more rubbish.
    It wouldn't hurt to check that the files/folders relating to Enterprise Suite didn't come back after MBAM removed them, let's get CF to check. (although i'm fairly sure that CF would have found them on the 1st run, but we'll still check)

    Then we'll get a fresh OTL report so that i can check the host file.

    Step 1
    Close any open browsers.
    Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

    Open Notepad - it must be Notepad, not Wordpad.
    Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
    Code:
    Folder::
    C:\Documents and Settings\Luke\Application Data\Enterprise Suite
    C:\Documents and Settings\MIchelle\Application Data\Enterprise Suite
    
    File::
    C:\Documents and Settings\MIchelle\Desktop\Enterprise Suite.lnk
    C:\Documents and Settings\MIchelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Enterprise Suite.lnk
    C:\Documents and Settings\Luke\Start Menu\Enterprise Suite.lnk
    C:\Documents and Settings\MIchelle\Start Menu\Enterprise Suite.lnk
    C:\Documents and Settings\Luke\Start Menu\Programs\Enterprise Suite.lnk
    C:\Documents and Settings\MIchelle\Start Menu\Programs\Enterprise Suite.lnk
    C:\Documents and Settings\All Users\Application Data\7e65e71\WE7e65.exe
    
    Go to the Notepad window and click Edit >> Paste
    Then click File >> Save
    Name the file "CFScript.txt" (including the quotes)
    Save the file to your Desktop

    The main ComboFix.exe program should be on your Desktop
    Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
    as below.
    [​IMG]

    Now please wait for ComboFix to finish running.

    Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

    Step 2
    Double click on OTL.exe to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    In your next reply, please submit:
    New Combofix.txt
    Both reports from OTL.


    Thanks.
     
  13. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    Here we go again, this Enterprise Suite is a real pain!!

    OTL logfile created on: 12/4/2009 8:45:18 AM - Run 2
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Luke\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 276.52 Mb Available Physical Memory | 27.29% Memory free
    2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.67% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 79.18 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 989.27 Mb Total Space | 798.05 Mb Free Space | 80.67% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    Drive G: | 107.41 Gb Total Space | 63.97 Gb Free Space | 59.56% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTER-57F7CF
    Current User Name: Luke
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\Luke\Local Settings\Temp\IadHide5.dll (BackWeb)


    ========== Win32 Services (SafeList) ==========

    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (gupdate1c9beb396e4039e) Google Update Service (gupdate1c9beb396e4039e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
    DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
    DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
    DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
    DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
    DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
    DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
    DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
    DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
    DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
    DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
    O4 - Startup: C:\Documents and Settings\Luke\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.34.9/ttinst.cab (Toontown Installer ActiveX Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/armhelper.ocx (ArmHelper Control)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/23 07:57:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/03 16:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\AVG9
    [2009/12/03 15:58:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/12/03 15:54:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/12/03 15:54:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/12/03 15:54:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/12/03 15:54:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/12/03 15:50:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/12/03 15:49:39 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/03 08:42:10 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/12/02 10:21:40 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/02 10:21:39 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/01 16:18:43 | 00,000,000 | ---D | C] -- C:\$AVG
    [2009/12/01 16:18:15 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/12/01 16:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/30 15:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\Malwarebytes
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/11/30 09:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/11/30 09:51:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Desktop\Applications
    [2009/11/13 19:10:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\Downloads
    [2009/11/13 19:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Tracing
    [2009/11/12 17:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2009/11/12 17:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2009/11/12 16:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

    ========== Files - Modified Within 30 Days ==========

    [2009/12/04 08:46:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/12/04 08:38:28 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\Luke\NTUSER.DAT
    [2009/12/04 08:28:40 | 13,725,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2009/12/04 08:28:32 | 10,091,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2009/12/04 08:27:42 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    [2009/12/04 08:25:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/12/04 08:25:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/12/04 08:25:27 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/12/04 08:08:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009/12/03 16:46:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/03 16:46:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/03 16:45:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Luke\ntuser.ini
    [2009/12/03 15:58:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2009/12/03 15:52:25 | 46,116,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/03 15:51:48 | 00,111,946 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/03 15:51:30 | 03,577,438 | R--- | M] () -- C:\Documents and Settings\Luke\Desktop\ComboFix.exe
    [2009/12/03 09:28:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/02 21:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/12/02 10:48:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/02 10:16:24 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/02 10:15:06 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/01 16:18:16 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:18:15 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:02:28 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/11/30 09:37:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/25 07:33:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/18 13:37:30 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/11/16 19:08:53 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2009/11/14 06:33:58 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe

    ========== Files Created - No Company Name ==========

    [2009/12/04 08:38:25 | 03,577,438 | R--- | C] () -- C:\Documents and Settings\Luke\Desktop\ComboFix.exe
    [2009/12/03 15:58:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2009/12/03 15:58:24 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/12/03 15:54:15 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/12/03 15:54:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/12/03 15:54:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/12/03 15:54:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/12/03 15:54:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/12/03 08:38:10 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    [2009/12/02 10:48:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/01 16:18:16 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:17:57 | 46,116,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/01 16:17:57 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:17:57 | 00,111,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/11/30 09:52:05 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/08/12 07:59:05 | 00,000,404 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/03/30 11:46:35 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/03/07 13:36:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/12/27 14:06:38 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\wklnhst.dat
    [2008/12/11 21:54:05 | 00,000,363 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2008/12/11 21:20:29 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2008/11/06 14:40:29 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
    [2008/10/22 15:58:54 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2008/10/11 15:42:34 | 00,012,334 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/26 15:38:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2008/06/04 10:38:00 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2008/05/30 16:17:22 | 00,000,045 | ---- | C] () -- C:\WINDOWS\STORYMKR.INI
    [2008/05/27 10:24:17 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/05/27 10:18:20 | 00,002,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/05/26 21:05:54 | 00,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2008/05/23 09:45:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2006/11/07 20:19:10 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
    [2006/11/07 20:19:08 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
    [2006/11/07 20:19:08 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
    [2006/11/07 20:19:02 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2006/11/07 20:19:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1994/12/20 23:00:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

    OTL logfile created on: 12/4/2009 10:48:51 AM - Run 3
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Luke\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 348.16 Mb Available Physical Memory | 34.37% Memory free
    2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 79.10 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 989.27 Mb Total Space | 798.30 Mb Free Space | 80.70% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    Drive G: | 107.41 Gb Total Space | 63.97 Gb Free Space | 59.56% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTER-57F7CF
    Current User Name: Luke
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Luke\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\Luke\Local Settings\Temp\IadHide5.dll (BackWeb)


    ========== Win32 Services (SafeList) ==========

    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (gupdate1c9beb396e4039e) Google Update Service (gupdate1c9beb396e4039e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
    DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
    DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
    DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
    DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
    DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
    DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
    DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
    DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
    DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
    DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
    DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
    O4 - Startup: C:\Documents and Settings\Luke\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://www.imgag.com/cp/install/Crusher.cab (Creative Toolbox Plug-in)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.34.9/ttinst.cab (Toontown Installer ActiveX Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/armhelper.ocx (ArmHelper Control)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/23 07:57:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/04 09:01:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/12/03 16:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\AVG9
    [2009/12/03 15:58:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/12/03 15:54:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/12/03 15:54:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/12/03 15:54:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/12/03 15:50:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/12/03 15:49:39 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/03 08:42:10 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/12/02 10:21:40 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/02 10:21:39 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/01 16:18:43 | 00,000,000 | ---D | C] -- C:\$AVG
    [2009/12/01 16:18:15 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2009/12/01 16:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/30 15:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\Malwarebytes
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/11/30 09:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/11/30 09:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
    [2009/11/30 09:51:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Desktop\Applications
    [2009/11/13 19:10:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\Downloads
    [2009/11/13 19:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Tracing
    [2009/11/12 17:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2009/11/12 17:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2009/11/12 16:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

    ========== Files - Modified Within 30 Days ==========

    [2009/12/04 10:44:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/12/04 10:34:49 | 13,725,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2009/12/04 10:34:41 | 10,091,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2009/12/04 10:31:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/12/04 10:31:34 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/12/04 10:31:29 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/12/04 10:30:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/04 10:30:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/04 10:29:19 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\Luke\NTUSER.DAT
    [2009/12/04 10:29:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Luke\ntuser.ini
    [2009/12/04 10:13:34 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/04 10:08:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009/12/04 08:27:42 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    [2009/12/03 15:58:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2009/12/03 15:52:25 | 46,116,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/03 15:51:48 | 00,111,946 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/12/03 15:51:30 | 03,577,438 | R--- | M] () -- C:\Documents and Settings\Luke\Desktop\ComboFix.exe
    [2009/12/02 21:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/12/02 10:48:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/02 10:16:24 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
    [2009/12/02 10:15:06 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\TFC.exe
    [2009/12/01 16:18:16 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:18:15 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2009/12/01 16:18:15 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/12/01 16:18:15 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/12/01 16:18:14 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/12/01 16:17:57 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:02:28 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/11/30 09:37:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/25 07:33:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/18 13:37:30 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/11/16 19:08:53 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2009/11/14 06:33:58 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe

    ========== Files Created - No Company Name ==========

    [2009/12/04 08:38:25 | 03,577,438 | R--- | C] () -- C:\Documents and Settings\Luke\Desktop\ComboFix.exe
    [2009/12/03 15:58:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2009/12/03 15:58:24 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/12/03 15:54:15 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/12/03 15:54:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/12/03 15:54:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/12/03 15:54:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/12/03 15:54:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/12/03 08:38:10 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    [2009/12/02 10:48:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\settings.dat
    [2009/12/01 16:18:16 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2009/12/01 16:18:16 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2009/12/01 16:17:57 | 46,116,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/12/01 16:17:57 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2009/12/01 16:17:57 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/12/01 16:17:57 | 00,111,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/11/30 09:52:05 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\rkill.com
    [2009/08/12 07:59:05 | 00,000,404 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/03/30 11:46:35 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2009/03/07 13:36:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/12/27 14:06:38 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\wklnhst.dat
    [2008/12/11 21:54:05 | 00,000,363 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2008/12/11 21:20:29 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2008/11/06 14:40:29 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
    [2008/10/22 15:58:54 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2008/10/11 15:42:34 | 00,012,334 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/26 15:38:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2008/06/04 10:38:00 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2008/05/30 16:17:22 | 00,000,045 | ---- | C] () -- C:\WINDOWS\STORYMKR.INI
    [2008/05/27 10:24:17 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/05/27 10:18:20 | 00,002,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/05/26 21:05:54 | 00,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2008/05/23 09:45:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2006/11/07 20:19:10 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
    [2006/11/07 20:19:08 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
    [2006/11/07 20:19:08 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
    [2006/11/07 20:19:02 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2006/11/07 20:19:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1994/12/20 23:00:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >


    OTL Extras logfile created on: 12/4/2009 10:48:51 AM - Run 3
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Luke\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 348.16 Mb Available Physical Memory | 34.37% Memory free
    2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 79.10 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 989.27 Mb Total Space | 798.30 Mb Free Space | 80.70% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    Drive G: | 107.41 Gb Total Space | 63.97 Gb Free Space | 59.56% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTER-57F7CF
    Current User Name: Luke
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1D940D16-66F9-4BF1-99C6-3C26729C3E17}" = Print Perfect Platinum
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
    "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
    "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6959A52E-2B55-4042-9DF7-0F31EBDEDA60}" = EZface ActiveX 210
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6C16AACD-F64B-B55D-617B-B60716068DD3}" = eBay Desktop
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82A51429-57E5-4F83-B030-539EDE2464DB}" = MSN Toolbar
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
    "{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
    "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
    "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Arcade Frenzy" = Disney's Arcade Frenzy
    "Arthur's 2nd Grade" = Arthur's 2nd Grade
    "Ask Toolbar_is1" = Ask Toolbar
    "AVG9Uninstall" = AVG Free 9.0
    "BFGC" = Big Fish Games Client
    "BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
    "BFG-Diner Dash - Hometown Hero" = Diner Dash: Hometown Hero
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSA480" = Canon PowerShot A480 Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Data Doctor Recovery Digital Pictures (Demo)" = Data Doctor Recovery Digital Pictures (Demo)
    "DBXTriever_is1" = DBXTriever 3.15
    "Diner Dash Flo On The Go_is1" = Diner Dash Flo On The Go
    "Diner Dash™" = Diner Dash™
    "Disney's Toontown Online" = Disney's Toontown Online
    "Free Realms Installer" = Free Realms Installer
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "Greetings Workshop" = Greetings Workshop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Indeo® software" = Indeo® software
    "InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "InterActual Player" = InterActual Player
    "Lemmings Revolution" = Lemmings Revolution
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Musicnotes Player_is1" = Musicnotes Player V1.23.1
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NASCAR Racing 1999 Edition" = NASCAR Racing 1999 Edition
    "Need For Speed II SE" = Need For Speed II SE
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NROS" = NROS
    "Personal Printing Guide" = Canon Personal Printing Guide
    "Photo Viewer S3.0_is1" = Photo Viewer S3.0
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Product_Name" = Minnesota Cuke
    "Reader Rabbit 2nd Grade(R) Mis-cheese-ious Dreamship Adventures(TM)" = Reader Rabbit 2nd Grade(R) Mis-cheese-ious Dreamship Adventures(TM)
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Rhapsody" = Rhapsody
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "SystemRequirementsLab" = System Requirements Lab
    "TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/4/2009 3:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 4:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 5:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 6:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 7:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 8:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 9:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 10:08:05 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 11:08:06 AM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    Error - 12/4/2009 12:08:05 PM | Computer Name = COMPUTER-57F7CF | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 12/4/2009 11:18:46 AM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 12/4/2009 11:20:11 AM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Linksys Updater service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/4/2009 12:30:18 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 12/4/2009 12:31:45 PM | Computer Name = COMPUTER-57F7CF | Source = Service Control Manager | ID = 7034
    Description = The Linksys Updater service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >


    ComboFix 09-12-03.02 - Luke 12/04/2009 10:20.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.331 [GMT -6:00]
    Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Enterprise Suite *On-access scanning enabled* (Updated) {F1C7A8F3-B848-4EAD-A596-88B0E3671695}
    FW: Enterprise Suite *enabled* {69C0295C-229F-4EAE-9CEF-239ACC472894}

    FILE ::
    "c:\documents and settings\All Users\Application Data\7e65e71\WE7e65.exe"
    "c:\documents and settings\Luke\Start Menu\Enterprise Suite.lnk"
    "c:\documents and settings\Luke\Start Menu\Programs\Enterprise Suite.lnk"
    "c:\documents and settings\MIchelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Enterprise Suite.lnk"
    "c:\documents and settings\MIchelle\Desktop\Enterprise Suite.lnk"
    "c:\documents and settings\MIchelle\Start Menu\Enterprise Suite.lnk"
    "c:\documents and settings\MIchelle\Start Menu\Programs\Enterprise Suite.lnk"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\hid.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\hid.dll

    Infected copy of c:\windows\system32\midimap.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\midimap.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
    .

    2009-12-03 22:26 . 2009-12-03 22:26 -------- d-----w- c:\documents and settings\Luke\Application Data\AVG9
    2009-12-03 21:53 . 2009-12-01 22:17 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-12-03 21:53 . 2009-12-01 22:17 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-03 21:53 . 2009-12-01 22:17 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2009-12-03 21:53 . 2009-12-01 22:17 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-12-03 14:42 . 2009-12-03 14:42 -------- d-----w- C:\_OTL
    2009-12-01 22:18 . 2009-12-01 22:38 -------- d-----w- C:\$AVG
    2009-12-01 22:18 . 2009-12-01 22:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-01 22:18 . 2009-12-01 22:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-01 22:18 . 2009-12-01 22:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-01 22:18 . 2009-12-01 22:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-01 22:17 . 2009-12-03 21:52 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-12-01 22:17 . 2009-12-01 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-11-30 21:15 . 2009-11-30 21:15 -------- d-----w- c:\documents and settings\Luke\Application Data\Malwarebytes
    2009-11-30 15:56 . 2009-11-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-30 15:56 . 2009-11-30 15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-30 15:54 . 2009-11-30 15:54 -------- d-----w- c:\program files\AVG
    2009-11-14 01:06 . 2009-12-04 15:42 -------- d-----w- c:\documents and settings\Luke\Tracing
    2009-11-12 23:05 . 2009-12-01 16:12 -------- d-----w- c:\documents and settings\MIchelle\Tracing
    2009-11-12 23:01 . 2009-11-12 23:01 -------- d-----w- c:\program files\Microsoft
    2009-11-12 23:01 . 2009-11-12 23:01 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-12 22:56 . 2009-11-12 22:56 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-11-11 21:51 . 2009-11-11 21:52 1408800 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
    2009-11-11 02:19 . 2009-11-11 02:19 79488 ----a-w- c:\documents and settings\Luke\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-04 16:33 . 2008-09-02 02:09 -------- d-----w- c:\documents and settings\Luke\Application Data\OpenOffice.org2
    2009-12-04 16:13 . 2008-11-09 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-03 15:07 . 2008-05-26 22:33 -------- d-----w- c:\program files\Java
    2009-12-02 18:07 . 2008-12-31 04:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-02 17:39 . 2009-04-16 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-12-01 16:46 . 2008-06-13 00:45 -------- d-----w- c:\documents and settings\MIchelle\Application Data\OpenOffice.org2
    2009-11-30 21:15 . 2009-07-28 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-24 23:55 . 2008-05-23 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-24 20:33 . 2008-06-13 00:46 1 ----a-w- c:\documents and settings\MIchelle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-11-20 13:39 . 2008-06-05 02:21 11294 ----a-w- c:\documents and settings\MIchelle\Application Data\wklnhst.dat
    2009-11-16 00:10 . 2008-10-04 20:09 -------- d-----w- c:\program files\Musicnotes
    2009-11-12 23:05 . 2008-05-27 03:06 92232 ----a-w- c:\documents and settings\MIchelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-12 23:00 . 2008-05-26 22:36 -------- d-----w- c:\program files\Windows Live
    2009-11-11 21:52 . 2009-05-06 20:30 127325 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\uninstall.exe
    2009-11-11 21:52 . 2008-06-03 18:04 -------- d-----w- c:\documents and settings\MIchelle\Application Data\Move Networks
    2009-11-11 21:52 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\plugins\npqmp071505000011.dll
    2009-11-10 00:29 . 2008-07-07 17:33 -------- d-----w- c:\documents and settings\MIchelle\Application Data\Yahoo!
    2009-11-01 21:59 . 2009-10-28 02:19 -------- d-----w- c:\documents and settings\MIchelle\Application Data\ZoomBrowser EX
    2009-10-28 02:19 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\MIchelle\Application Data\CameraWindowDC
    2009-10-28 02:11 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\MIchelle\Application Data\CANON INC
    2009-10-28 01:56 . 2009-10-28 01:53 -------- d-----w- c:\program files\Canon
    2009-10-28 01:54 . 2009-10-28 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-10-28 01:53 . 2009-10-28 01:53 -------- d-----w- c:\program files\Common Files\Canon
    2009-10-26 01:00 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\MIchelle\Application Data\Move Networks\plugins\npqmp071505000010.dll
    2009-10-14 08:01 . 2008-06-05 02:16 -------- d-----w- c:\program files\Microsoft Works
    2009-10-12 12:39 . 2009-10-12 12:35 91648 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 20:54 . 2009-07-28 22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 20:53 . 2009-07-28 22:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-10 03:33 . 2009-08-30 03:34 181480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-03_22.15.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-04 16:30 . 2009-12-04 16:30 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
    + 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2009-12-04 09:00 . 2009-12-04 09:00 195584 c:\windows\Installer\2320d55.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-11 185872]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-01 2020120]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-26 16132608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    c:\documents and settings\MIchelle\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1996-6-24 40448]
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\Luke\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-7-22 151552]
    Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-01 22:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 4:18 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 4:18 PM 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/1/2009 4:17 PM 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/1/2009 4:17 PM 285392]
    S2 gupdate1c9beb396e4039e;Google Update Service (gupdate1c9beb396e4039e);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2009 10:51 AM 133104]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
    S3 papycpu;papycpu; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2009-12-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 16:49]

    2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 16:51]

    2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 16:51]

    2009-12-04 c:\windows\Tasks\User_Feed_Synchronization-{154A219F-33B3-431F-857B-39403A20E1A9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Search - ?p=GRxdm016YYUS
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-12-04 10:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(636)
    c:\windows\system32\WININET.dll
    c:\docume~1\Luke\LOCALS~1\Temp\IadHide5.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.BIN
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-04 10:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-04 16:38
    ComboFix2.txt 2009-12-04 15:48
    ComboFix3.txt 2009-12-04 14:32
    ComboFix4.txt 2009-12-03 22:22

    Pre-Run: 84,953,174,016 bytes free
    Post-Run: 84,888,858,624 bytes free

    - - End Of File - - 518D80425C9DF00447AD10923B881E69
     
  14. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    It still says that F*****g software is running when if I run Combo Fix again.
     
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pack1977

    Host file looks good now. [​IMG]

    You keep posting and i'll keep you working [​IMG]

    It says it running, but CF didn't find those files!
    Notice the files were listed in the CF report, but nothing in the Deletions.
    Obviously some reg entries buried away that still think it's running.
    But we'll check if there's any files/folders anywhere.

    My concern at the moment is this:
    Seeing it once is ok, but to get it twice in a row!
    I need to check out something, so will give you instructions for this.

    A few little things to get rid of using OTl,
    I wanted to get rid of these before, but the board software obscured the full paths..... have found a way around this now.

    On to the instructions:

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :OTL
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :commands
    [emptytemp]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      .
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Make sure that you can see hidden files.
    1. Click Start.
    2. Click My Computer.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide protected operating system files (recommended) option.
    7. Click Yes to confirm.
    8. Uncheck the Hide file extensions for known file types.
    9. Click OK.

    Click Start >> Search
    In the box 'Search for files or folders named' ... type in
    Enterprise Suite
    then click on Search now.

    Let me know if it finds anything and the paths to any files/folders.

    Step 3
    Please save this file to your desktop. (don't click on the icon to run it)
    Click on Start->> Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

    In your next reply, please submit:
    OTL report that comes up after the fix.
    Any search results.
    Win32kDiag.txt


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  16. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    Results:eek:

    Computer is still searching for Enterprise Suite files I will let you know if it finds anything. In the mean time happy reading:)

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Luke
    ->Temp folder emptied: 638758 bytes
    ->Temporary Internet Files folder emptied: 5972636 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: MIchelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.37 mb


    OTL by OldTimer - Version 3.1.11.4 log created on 12042009_130102

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Running from: C:\Documents and Settings\Luke\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\Luke\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!
     
  17. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Actually, that's the shortest Win32kDiag.txt i've seen ...... something must be going right for us now :)

    Let me know if the search throws up anything.
     
  18. pack1977

    pack1977 Junior Member

    Joined:
    Dec 2, 2009
    Messages:
    26
    The search didn't come up with anything. I started a Combo Fix scan and it came up that it was running, any ideas....
     
  19. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    It may show that it's running, but i just can't see it.
    It must be down to a few registry entries that are still there.
    Give me some time to research this and i'll try to find what the registry entries are, then we'll see about removing them.
    I'll get back to you soon.
     
  20. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pack1977,

    Let's go for broke on this 'Enterprise Suite'.
    I've researched all the processes, files and reg entries it installs.
    We'll discount everything that has been removed already and will go through the list..... that way we don't miss any thing.
    If anything has already been removed, the removal process will just skip that

    Don't worry, i'll make it easy for you. ;)

    Step 1
    Let's get a good backup before we start:

    Backup Your Registry

    The easiest way to do this is to use a program called ERUNT

    Please download ERUNT from Here
    and save it to your 'Desktop'.
    Click Erunt.exe and follow the prompts to backup your registry to a folder of your choice.

    Note:
    To restore your registry, go to the folder and start ERDNT.exe

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial

    Step 2
    Press the 3 keys:
    Ctrl + Shift + ESC ( to access the 'Task Manager')

    click on the 'Processes' tab and look for these processes:
    Windows Enterprise Suite
    WinESuite.exe
    wee4a1.exe
    WE83b.exe
    cb.exe
    eb.exe
    ppal.exe
    energy.exe

    If any of them are running in the processes............ right-click them and select “End Process” .

    Don't reboot the system yet!

    Step 3
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Files
    c:\Documents and Settings\All Users\Application Data\61a60
    c:\Documents and Settings\All Users\Application Data\61a60\WES.ico
    c:\Documents and Settings\All Users\Application Data\61a60\WE83b.exe
    c:\Documents and Settings\All Users\Application Data\WESSys
    c:\Documents and Settings\All Users\Application Data\WESSys\wes.cfg
    c:\Documents and Settings\All Users\Application Data\WESSys\vd952342.bd
    %UserProfile%\Application Data\Windows Enterprise Suite
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Suite.lnk
    %UserProfile%\Application Data\Windows Enterprise Suite\cookies.sqlite
    %UserProfile%\Application Data\Windows Enterprise Suite\47.mof
    %UserProfile%\Application Data\Windows Enterprise Suite\Instructions.ini
    %UserProfile%\Desktop\Windows Enterprise Suite.lnk
    %UserProfile%\Recent\ANTIGEN.sys
    %UserProfile%\Recent\cb.exe
    %UserProfile%\Recent\cid.dll
    %UserProfile%\Recent\CLSV.dll
    %UserProfile%\Recent\ddv.dll
    %UserProfile%\Recent\DBOLE.sys
    %UserProfile%\Recent\eb.exe
    %UserProfile%\Recent\eb.sys
    %UserProfile%\Recent\energy.exe
    %UserProfile%\Recent\exec.tmp
    %UserProfile%\Recent\kernel32.drv
    %UserProfile%\Recent\PE.drv
    %UserProfile%\Recent\PE.tmp
    %UserProfile%\Recent\ppal.exe
    %UserProfile%\Recent\SICKBOY.tmp
    %UserProfile%\Recent\sld.drv
    %UserProfile%\Recent\tjd.dll 
    %UserProfile%\Recent\tjd.sys
    %UserProfile%\Start Menu\Windows Enterprise Suite.lnk
    %UserProfile%\Start Menu\Programs\Windows Enterprise Suite.lnk
    c:\Program Files\Mozilla Firefox\searchplugins\search.xml 
    
    :Reg
    [-HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}]
    [-HKEY_CLASSES_ROOT\xp_ca0d5.DocHostUIHandler]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    “Windows Enterprise Suite”=-
    [-HKEY_CURRENT_USER\Software\Windows Enterprise Suite]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Enterprise Suite]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Windows Enterprise Suite]
    
    :commands
    [emptytemp]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      .
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 4
    Please download and scan with SUPERAntiSpyware Free
    • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
    • In the Main Menu, click the Preferences... button.
    • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
    • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen and exit the program.
    • Do not run a scan just yet.
    Please reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    You will need to use the 'keyboard arrow keys' to navigate on this menu.
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Then choose your usual account.

    Scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    In your next reply, please submit:
    OTL report (after the fix)
    SAS scan report


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014

Share This Page