Author Topic: MS2011Helper.DLL  (Read 1862 times)

Offline Seng

MS2011Helper.DLL
« on: June 05, 2011, 12:24:23 PM »
Hello,

AVG Free has been having a bunch of viruses pop up on my computer, with one of them being this MS2011Helper.DLL. For some reason, when I move that one to the Virus Vault, my internet will stop working. I've moved all the viruses back out of the vault to produce the following HijackThis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:57 PM, on 6/5/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Seng Goo\Application Data\Microsoft\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\CloudManager\CloudManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Seng Goo\Application Data\dwm.exe
C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

F3 - REG:win.ini: load=C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Seng Goo\Application Data\Microsoft\conhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DISKER] rundll32.exe C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\MS2011Helper.DLL,z
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1123561945-854245398-725345543-1004\..\Run: [ooVoo] C\ooVoo.exe /minimized (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} (LimeUSA WebCtrl 1) - http://www.limeusa.com/files/application/LimeusaControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CloudManager - Unknown owner - C:\Program Files\CloudManager\CloudManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MicroCloudEngine - Unknown owner - C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8933 bytes

Any help would be much appreciated.  Thank you.

Offline guestolo

MS2011Helper.DLL
« Reply #1 on: June 05, 2011, 12:55:36 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Seng

MS2011Helper.DLL
« Reply #2 on: June 05, 2011, 01:14:44 PM »
[quote name='guestolo' timestamp='1307296536' post='479712']
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
[/quote]

I do not know what's going on, but the downloaded file is 0 bytes and I cannot seem to run it.

Offline guestolo

MS2011Helper.DLL
« Reply #3 on: June 05, 2011, 01:32:17 PM »
I'm going to try renaming OTL.exe to Seng.com. Can you download that copy from Mediafire to your desktop and run it with the previous instructions, please?
http://www.mediafire.com/file/lq3b51xkkp7j6sr/seng.com



Offline Seng

MS2011Helper.DLL
« Reply #4 on: June 05, 2011, 02:05:23 PM »
[quote name='guestolo' timestamp='1307298737' post='479714']
I'm going to try renaming OTL.exe to Seng.com. Can you download that copy from Mediafire to your desktop and run it with the previous instructions, please?
http://www.mediafire...p7j6sr/seng.com
[/quote]

Here you go; OTL.txt, Extras.txt:

OTL logfile created on: 6/5/2011 2:56:14 PM - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Documents and Settings\Seng Goo\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.64% Memory free
6.75 Gb Paging File | 6.16 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 82.89 Gb Free Space | 44.49% Space Free | Partition Type: NTFS
 
Computer Name: SENGSPC | User Name: Seng Goo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\My Documents\Downloads\seng.com
PRC - [2011/06/05 10:22:15 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
PRC - [2011/06/04 21:38:58 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE
PRC - [2011/06/04 21:37:42 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\Microsoft\CONHOST.EXE
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () -- C:\Program Files\CloudManager\CloudManager.exe
PRC - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
PRC - [2010/11/16 14:08:38 | 000,094,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\My Documents\Downloads\seng.com
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudManager\CloudManager.exe -- (CloudManager)
SRV - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () [On_Demand | Running] -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe -- (MicroCloudEngine)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/13 17:58:20 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2011/01/13 17:58:20 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61192
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 14:43:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 16:19:58 | 000,000,000 | ---D | M]
 
[2011/01/13 17:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\[email protected]
[2011/04/30 16:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 22:42:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/03 14:43:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/06/04 22:33:58 | 000,434,784 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 14965 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Seng Goo\Application Data\Microsoft\CONHOST.EXE ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [DISKER] C:\Documents and Settings\Seng Goo\Local Settings\Temp\MS2011Helper.DLL ()
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} http://www.limeusa.com/files/application/LimeusaControl.CAB (LimeUSA WebCtrl 1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Seng Goo\Application Data\dwm.exe) - C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/13 16:47:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\HiJackThis
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Apps
[2011/06/04 23:40:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/04 23:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/04 23:37:52 | 000,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2011/06/04 23:37:51 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2011/06/04 23:37:51 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2011/06/04 23:37:51 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2011/06/04 23:37:51 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2011/06/04 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Modern Family
[2011/06/04 21:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/04 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Apple Computer
[2011/06/04 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/04 19:45:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/06/04 19:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/04 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/04 19:43:13 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/06/04 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\NTFS Undelete
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2011/05/31 23:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope
[2011/05/31 15:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/31 15:13:08 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/31 15:13:08 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/17 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/17 22:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/17 22:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/14 17:43:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Elements of Life
[2011/05/14 17:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\club life
[2011/05/14 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope Remixed
[2011/05/14 12:12:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/14 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/14 12:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/14 12:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/05 14:12:59 | 000,007,916 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/05 13:12:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 13:11:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 10:25:59 | 117,270,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/05 10:24:03 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
[2011/06/05 10:22:15 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
[2011/06/04 23:42:01 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/04 23:42:01 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/04 22:55:05 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/06/04 22:33:58 | 000,434,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/04 19:43:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/04 16:00:43 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/03 14:43:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/02 22:57:19 | 000,151,078 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/31 15:13:36 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/31 15:13:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/31 15:13:34 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/31 15:09:33 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/18 15:58:01 | 003,213,163 | ---- | M] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/05 10:25:59 | 117,270,103 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/05 10:22:15 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
[2011/06/04 21:37:45 | 000,007,916 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/04 19:43:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/02 22:57:18 | 000,151,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/17 22:43:38 | 003,213,163 | ---- | C] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[2011/05/14 12:09:56 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/20 01:06:30 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/06 00:18:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 00:50:09 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 23:00:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/01/17 23:00:39 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/01/17 23:00:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/01/17 22:57:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/13 17:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 17:38:12 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/01/13 17:38:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/13 17:16:52 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/13 17:16:50 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/13 17:16:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/13 17:16:43 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/13 16:51:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/13 16:49:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 16:44:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/13 11:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/13 11:34:33 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

< End of report >

--------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 6/5/2011 2:56:14 PM - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Documents and Settings\Seng Goo\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.64% Memory free
6.75 Gb Paging File | 6.16 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 82.89 Gb Free Space | 44.49% Space Free | Partition Type: NTFS
 
Computer Name: SENGSPC | User Name: Seng Goo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57179:TCP" = 57179:TCP:*:Enabled:Pando Media Booster
"57179:UDP" = 57179:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"57179:TCP" = 57179:TCP:*:Enabled:Pando Media Booster
"57179:UDP" = 57179:UDP:*:Enabled:Pando Media Booster
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
"8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
"8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
"8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6987:TCP" = 6987:TCP:*:Enabled:League of Legends Launcher
"6987:UDP" = 6987:UDP:*:Enabled:League of Legends Launcher
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\LimeUSA\limeusa_download.exe" = C:\Program Files\LimeUSA\limeusa_download.exe:*:Enabled:LimeUSA
"C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe" = C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe:*:Enabled:MicroCloudEngine -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software 7.00
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CloudManager" = CloudManager
"Device Control" = Device Control
"DtsFilter" = DTS+AC3 Filter
"EAXSet" = Creative EAX Settings
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"GomTV Launcher Plugin" = GOMTV Plug-in
"ie8" = Windows Internet Explorer 8
"MicroCloudEngine" = MicroCloudEngine
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NTFS Undelete_is1" = NTFS Undelete 3.0.2.406
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QcDrv" = Logitech(r) Camera 드라이버
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"sp6" = Logitech SetPoint 6.20
"SPEAKER" = Creative Speaker Settings
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/3/2011 7:22:51 PM | Computer Name = SENGSPC | Source = Application Hang | ID = 1002
Description = Hanging application GOM.exe, version 2.1.30.5051, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/14/2011 3:13:16 PM | Computer Name = SENGSPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 5/24/2011 11:38:52 AM | Computer Name = SENGSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 5/25/2011 3:11:46 PM | Computer Name = SENGSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 6/2/2011 10:10:02 AM | Computer Name = SENGSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 6/2/2011 10:11:20 AM | Computer Name = SENGSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 6/3/2011 12:08:11 AM | Computer Name = SENGSPC | Source = BugSplat | ID = 1
Description =
 
Error - 6/4/2011 9:41:20 PM | Computer Name = SENGSPC | Source = Application Hang | ID = 1002
Description = Hanging application Unerase.exe, version 4.8.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/4/2011 11:35:23 PM | Computer Name = SENGSPC | Source = MsiInstaller | ID = 10005
Description = Product: Windows 7 USB/DVD Download Tool -- This application requires
 .NET Framework 2.0 and the Image Mastering API v2. Please install the prerequisites
 then run this installer again.
 
Error - 6/4/2011 11:37:42 PM | Computer Name = SENGSPC | Source = MsiInstaller | ID = 10005
Description = Product: Windows 7 USB/DVD Download Tool -- This application requires
 .NET Framework 2.0 and the Image Mastering API v2. Please install the prerequisites
 then run this installer again.
 
[ System Events ]
Error - 3/20/2011 12:00:26 AM | Computer Name = SENGSPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
 address 0040CA931746 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/20/2011 12:00:27 AM | Computer Name = SENGSPC | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation of
 the kernel-mode translation module.  This may indicate misconfiguration, insufficient
 resources, or  an internal error.  The data is the error code.
 
Error - 3/21/2011 7:31:09 PM | Computer Name = SENGSPC | Source = Service Control Manager | ID = 7034
Description = The MicroCloudEngine service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 3/21/2011 7:31:11 PM | Computer Name = SENGSPC | Source = Service Control Manager | ID = 7034
Description = The CloudManager service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 3/21/2011 7:31:18 PM | Computer Name = SENGSPC | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
 It has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Reboot the machine.
 
Error - 3/21/2011 7:31:18 PM | Computer Name = SENGSPC | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 3/26/2011 2:11:05 AM | Computer Name = SENGSPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
 address 0040CA931746 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/31/2011 1:49:05 PM | Computer Name = SENGSPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
 address 0040CA931746 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 4/4/2011 1:07:03 AM | Computer Name = SENGSPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
 address 0040CA931746 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 4/7/2011 2:12:15 AM | Computer Name = SENGSPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
 address 0040CA931746 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >

Offline guestolo (Administrator)
MS2011Helper.DLL
« Reply #5 on: June 05, 2011, 02:51:24 PM »
Not a big problem at this point, but in the future, if I ask that you run a tool from your desktop, can you please move it there?
I realize the default download location of Firefox is the Downloads folder,
e.g. C:\Documents and Settings\Seng Goo\My Documents\Downloads\seng.com
But you can easily right click on the file and copy/paste it to your desktop. Can you move it now please?

Then do the following
I suggest that you print the rest of these instructions, or save them to a text file on desktop

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
Reboot the computer to ensure the change is set

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 61192
    FF - prefs.js..network.proxy.type: 1
    O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Seng Goo\Application Data\Microsoft\CONHOST.EXE ()
    O4 - HKCU..\Run: [DISKER] C:\Documents and Settings\Seng Goo\Local Settings\Temp\MS2011Helper.DLL ()
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Seng Goo\Application Data\dwm.exe) - C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE ()
    :Reg
    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
    [EmptyFlash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
  • If an update is found, it will download and install the latest version.    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me know how things are now running please

NOTE: If you have no internet connection after the above fixes with OTL or MBAM
Please do the following
In Firefox: Go to TOOLS>>OPTIONS>>ADVANCED>>NETWORK>>SETTINGS under Connections
Select "Use system proxy settings"
OK out of there and restart Firefox

In IE: Click on TOOLS>>Internet Options>>Connections tab>>LAN Settings
Untick all boxes in the new windows, especially ensure that "Use a proxy server......"
is NOT ticked, OK and Apply out of there
Restart IE

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
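The fix script above targets three things in the OTL log: browser proxy settings that point at 127.0.0.1:61192, autostart entries (Run keys, the WinNT Load value, the Winlogon Shell value) whose target lives in Temp or Application Data and carries no company name, and files named after core Windows processes (conhost.exe, csrss.exe, dwm.exe) loading from outside the Windows directory. The loopback proxy is also consistent with the symptom in the first post: if the local interceptor is quarantined but the proxy setting is left in place, the browser keeps sending traffic to a port where nothing listens, which is why the NOTE above has you clear the proxy setting by hand. The Python below is an added triage example, not part of this thread and not OTL's own logic; it encodes those three checks and runs them over sample lines constructed from the log in this thread plus a few legitimate entries for contrast. The reason codes and the SYSTEM_NAMES list are my own choices.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the OTL log in this thread plus a few
# legitimate entries (AVG, Steam, the real Explorer shell) for contrast.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61192
FF - prefs.js..network.proxy.type: 1
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Seng Goo\Application Data\Microsoft\conhost.exe ()
O4 - HKCU..\Run: [DISKER] C:\Documents and Settings\Seng Goo\Local Settings\Temp\MS2011Helper.DLL ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Seng Goo\Application Data\dwm.exe) - C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE ()
"""

# Proxy settings that send the browser to the local machine.  Quarantining the
# interceptor without clearing these leaves the browser talking to a dead port.
LOOPBACK_PROXY = re.compile(
    r'(?:"ProxyServer" = http=|network\.proxy\.http: ")(?:127\.0\.0\.1|localhost)',
    re.IGNORECASE)

# OTL line types that are autostart points: Run keys, WinNT Load, Winlogon Shell.
AUTOSTART_PREFIXES = ("O4 - ", "F3 - ", "O20 - ")

# A Windows path ending in an executable extension.  Parentheses and brackets are
# excluded so the [entry] label and the (company name) field are not swallowed.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.(?:exe|dll|com|scr)", re.IGNORECASE)

# Per-user, user-writable locations from which an autostart entry is unusual.
USER_WRITABLE = re.compile(r"\\(?:Local Settings\\Temp|Application Data|Temp)\\",
                           re.IGNORECASE)

# Core Windows process names that should only load from the Windows directory
# (assumed list for this example).
SYSTEM_NAMES = {"conhost.exe", "csrss.exe", "dwm.exe", "svchost.exe",
                "winlogon.exe", "lsass.exe", "explorer.exe", "smss.exe"}


def _reasons_for_autostart(line: str) -> List[str]:
    """Reason codes for one autostart line; empty list means it looks benign."""
    paths = WIN_PATH.findall(line)
    if not paths:
        return []
    target = paths[-1]                      # OTL prints the resolved path last
    name = target.rsplit("\\", 1)[-1].lower()
    reasons = []
    if USER_WRITABLE.search(target):
        reasons.append("user_writable_path")
    if line.rstrip().endswith("()"):        # OTL shows () when no company name
        reasons.append("no_company_name")
    if name in SYSTEM_NAMES and "\\windows\\" not in target.lower():
        reasons.append("system_name_outside_windows")
    return reasons


def triage_otl(log_text: str) -> List[Dict[str, object]]:
    """Return the suspicious lines of an OTL log with the reason each was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOOPBACK_PROXY.search(line):
            findings.append({"category": "loopback_proxy",
                             "reasons": ["proxy_to_127.0.0.1"], "line": line})
        elif line.startswith(AUTOSTART_PREFIXES):
            reasons = _reasons_for_autostart(line)
            if reasons:
                findings.append({"category": "suspicious_autostart",
                                 "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f['category']:20} {', '.join(f['reasons']):55} {f['line']}")
```

Run against the sample it flags six lines: the two loopback-proxy settings and the four autostart entries (conhost.exe, MS2011Helper.DLL, CSRSS.EXE, DWM.EXE), while the AVG tray, Steam and the real C:\WINDOWS\explorer.exe shell pass. The "no company name" check alone is weak (many legitimate small tools lack version info), so it is only one of several reasons rather than a verdict on its own; the combination of a user-writable path and a core-process name is the strong signal here.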


Offline Seng (Newbie)
MS2011Helper.DLL
« Reply #6 on: June 05, 2011, 06:29:40 PM »
Hello,

I've attempted to do the latter OTL Run Fix scan twice now, but I keep getting an error.  It goes to the blue screen with white text stating some file has gone missing and disallows the pc to continue.  I did get through the first OTL run.  I'm posting a log of that below.  I did not get an Extras log this time.

OTL logfile created on: 6/5/2011 7:18:50 PM - Run 3
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Documents and Settings\Seng Goo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 78.95% Memory free
6.75 Gb Paging File | 6.27 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 82.89 Gb Free Space | 44.49% Space Free | Partition Type: NTFS
 
Computer Name: SENGSPC | User Name: Seng Goo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/05 19:13:57 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\Microsoft\conhost.exe
PRC - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
PRC - [2011/06/05 10:22:15 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
PRC - [2011/06/04 21:38:58 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () -- C:\Program Files\CloudManager\CloudManager.exe
PRC - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
PRC - [2010/11/16 14:08:38 | 000,094,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 06:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudManager\CloudManager.exe -- (CloudManager)
SRV - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () [On_Demand | Running] -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe -- (MicroCloudEngine)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/13 17:58:20 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2011/01/13 17:58:20 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61192
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 14:43:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 16:19:58 | 000,000,000 | ---D | M]
 
[2011/01/13 17:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\[email protected]
[2011/04/30 16:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 22:42:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/03 14:43:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/06/04 22:33:58 | 000,434,784 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 14965 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Seng Goo\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [DISKER] C:\Documents and Settings\Seng Goo\Local Settings\Temp\MS2011Helper.DLL ()
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\SENGGO~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Seng Goo\Local Settings\Temp\CSRSS.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} http://www.limeusa.com/files/application/LimeusaControl.CAB (LimeUSA WebCtrl 1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Seng Goo\Application Data\dwm.exe) - C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/13 16:47:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/05 16:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\index.php_files
[2011/06/05 14:54:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\HiJackThis
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Apps
[2011/06/04 23:40:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/04 23:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/04 23:37:52 | 000,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2011/06/04 23:37:51 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2011/06/04 23:37:51 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2011/06/04 23:37:51 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2011/06/04 23:37:51 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2011/06/04 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Modern Family
[2011/06/04 21:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/04 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Apple Computer
[2011/06/04 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/04 19:45:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/06/04 19:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/04 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/04 19:43:13 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/06/04 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\NTFS Undelete
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2011/05/31 23:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope
[2011/05/31 15:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/31 15:13:08 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/31 15:13:08 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/17 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/17 22:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/17 22:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/14 17:43:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Elements of Life
[2011/05/14 17:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\club life
[2011/05/14 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope Remixed
[2011/05/14 12:12:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/14 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/14 12:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/14 12:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/05 19:13:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 19:13:36 | 000,008,312 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/05 19:13:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 18:55:15 | 117,308,668 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/05 18:03:55 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
[2011/06/05 16:34:36 | 000,261,655 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Desktop\index.php.htm
[2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/05 10:22:15 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
[2011/06/04 23:42:01 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/04 23:42:01 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/04 22:55:05 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/06/04 22:33:58 | 000,434,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/04 19:43:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/04 16:00:43 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/03 14:43:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/02 22:57:19 | 000,151,078 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/31 15:13:36 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/31 15:13:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/31 15:13:34 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/31 15:09:33 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/18 15:58:01 | 003,213,163 | ---- | M] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/05 18:55:15 | 117,308,668 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/05 16:34:34 | 000,261,655 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Desktop\index.php.htm
[2011/06/05 10:22:15 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\DWM.EXE
[2011/06/04 21:37:45 | 000,008,312 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/04 19:43:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/02 22:57:18 | 000,151,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/17 22:43:38 | 003,213,163 | ---- | C] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[2011/05/14 12:09:56 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/20 01:06:30 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/06 00:18:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 00:50:09 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 23:00:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/01/17 23:00:39 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/01/17 23:00:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/01/17 22:57:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/13 17:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 17:38:12 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/01/13 17:38:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/13 17:16:52 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/13 17:16:50 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/13 17:16:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/13 17:16:43 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/13 16:51:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/13 16:49:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 16:44:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/13 11:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/13 11:34:33 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #7 on: June 05, 2011, 08:20:27 PM »
Quote
I've attempted to do the latter OTL Run Fix scan twice now, but I keep getting an error. It goes to the blue screen with white text stating some file has gone missing and disallows the pc to continue.

Can you be more specific please, what error?
What file has gone missing?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Seng

  • Newbie
  • Posts: 9
  • Karma: +0/-0
MS2011Helper.DLL
« Reply #8 on: June 05, 2011, 09:29:01 PM »
Quote from: guestolo
Can you be more specific please, what error?
What file has gone missing?

Hello,

This is the message I am getting:

Quote
A problem has been detected and windows has been shut down to prevent damage to your computer.
A process or thread crucial to your system operation has unexpectedly exited or been terminated.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

If problems continue disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced start up options and then select Safe Mode.

Technical information:

***Stop: 0x000000F4 (0x00000003, 0x82930C6E8, 0x8930C85C, 0x805C874A)

Beginning dump of physical memory.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #9 on: June 05, 2011, 10:02:29 PM »
I would like you to run a certain fix, but unfortunately it does not play well with AVG.
Can I have you uninstall AVG 2011?
Afterwards, reboot the computer back into Windows.

Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

      --------------------------------------------------------------------


  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Note: Remember how to reestablish Internet connection if you lose connection
That is ONLY if you have no Internet connection AFTER the fix, during the Fix it is not unusual for ComboFix to
Disconnect you from Internet
In Firefox: Go to TOOLS>>OPTIONS>>ADVANCED>>NETWORK>>SETTINGS under Connections
Select "Use system proxy settings"
OK out of there and restart Firefox

In IE: Click on TOOLS>>Internet Options>>Connections tab>>LAN Settings
Untick all boxes in the new window, especially ensure that "Use a proxy server......"
is NOT ticked, OK and Apply out of there
Restart IE



Offline Seng

  • Newbie
  • Posts: 9
  • Karma: +0/-0
MS2011Helper.DLL
« Reply #10 on: June 05, 2011, 11:27:08 PM »
Hello,

Here is the log:

Quote
ComboFix 11-06-05.06 - Seng Goo 6/2011 Mon   0:13.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.949.82.1033.18.3070.2563 [GMT -4:00]
Running from: c:\documents and settings\Seng Goo\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\SENGGO~1\LOCALS~1\Temp\MS2011Helper.DLL
c:\documents and settings\Seng Goo\Application Data\DWM.EXE
c:\documents and settings\Seng Goo\Application Data\Microsoft\conhost.exe
c:\documents and settings\Seng Goo\Application Data\MultiDownload
c:\documents and settings\Seng Goo\Local Settings\Temp\MS2011Helper.DLL
C:\install.exe
c:\program files\Steam\steam.exe
c:\windows\settings.reg
c:\windows\system32\Data
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-06 to 2011-06-06  )))))))))))))))))))))))))))))))
.
.
2011-06-06 02:21 . 2011-06-06 02:21   --------   d-----w-   C:\_OTL
2011-06-05 17:16 . 2011-06-05 17:16   388096   ----a-r-   c:\documents and settings\Seng Goo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 17:16 . 2011-06-05 17:16   --------   d-----w-   c:\program files\Trend Micro
2011-06-05 03:42 . 2011-06-05 03:42   119808   ----a-r-   c:\documents and settings\Seng Goo\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-06-05 03:42 . 2011-06-05 03:42   --------   d-----w-   c:\documents and settings\Seng Goo\Local Settings\Application Data\Apps
2011-06-05 03:37 . 2008-05-02 09:05   62592   -c----w-   c:\windows\system32\dllcache\cdrom.sys
2011-06-05 03:37 . 2008-05-02 13:30   464384   -c----w-   c:\windows\system32\dllcache\imapi2fs.dll
2011-06-05 03:37 . 2008-05-02 13:30   464384   ------w-   c:\windows\system32\imapi2fs.dll
2011-06-05 03:37 . 2008-05-02 13:30   317952   -c----w-   c:\windows\system32\dllcache\imapi2.dll
2011-06-05 03:37 . 2008-05-02 13:30   317952   ------w-   c:\windows\system32\imapi2.dll
2011-06-05 02:25 . 2011-06-05 14:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-05 02:25 . 2011-06-05 02:26   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-06-05 01:02 . 2011-06-05 01:02   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
2011-06-04 23:46 . 2011-06-05 01:03   --------   d-----w-   c:\documents and settings\Seng Goo\Application Data\Apple Computer
2011-06-04 23:45 . 2009-05-18 17:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-04 23:45 . 2008-04-17 16:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2011-06-04 23:44 . 2011-06-04 23:44   --------   d-----w-   c:\program files\iPod
2011-06-04 23:44 . 2011-06-04 23:45   --------   d-----w-   c:\program files\iTunes
2011-06-04 23:44 . 2011-06-04 23:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-04 23:43 . 2011-06-04 23:43   --------   d-----w-   c:\program files\Apple Software Update
2011-06-04 23:43 . 2011-02-18 20:36   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2011-06-04 23:43 . 2011-02-18 20:36   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
2011-06-04 23:42 . 2011-06-04 23:42   --------   d-----w-   c:\program files\Bonjour
2011-06-04 20:01 . 2011-06-04 20:01   --------   d-----w-   c:\program files\NTFS Undelete
2011-05-31 19:14 . 2011-05-31 19:14   --------   d-----w-   c:\documents and settings\UpdatusUser
2011-05-31 19:14 . 2011-05-31 19:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-31 19:13 . 2011-04-08 05:14   944232   ----a-w-   c:\windows\system32\nvdispco3220140.dll
2011-05-31 19:13 . 2011-04-08 05:14   855656   ----a-w-   c:\windows\system32\nvgenco322060.dll
2011-05-18 02:42 . 2011-06-02 20:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-18 02:42 . 2011-05-18 02:42   --------   d-----w-   c:\program files\Common Files\Skype
2011-05-14 16:11 . 2011-05-14 16:11   --------   d-----w-   c:\documents and settings\Seng Goo\Application Data\AVG10
2011-05-14 16:10 . 2011-05-14 16:10   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2011-05-14 16:08 . 2011-06-06 04:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG10
2011-05-14 16:08 . 2011-05-14 16:08   --------   d-----w-   c:\program files\AVG
2011-05-14 16:01 . 2011-06-06 04:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2011-01-13 21:16   61440   ----a-w-   c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-01-13 21:16   5210112   ----a-w-   c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-01-13 21:16   2770536   ----a-w-   c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-01-13 21:16   2074216   ----a-w-   c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-01-13 21:16   14856192   ----a-w-   c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2011-01-13 21:16   4111232   ----a-w-   c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2011-01-13 21:16   2027008   ----a-w-   c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2011-01-13 21:16   13000704   ----a-w-   c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-01-13 21:16   12501600   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 02:15 . 2011-04-08 02:15   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2011-04-08 02:15 . 2011-04-08 02:15   580200   ----a-w-   c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15 . 2011-04-08 02:15   277608   ----a-w-   c:\windows\system32\nvmccs.dll
2011-04-08 02:15 . 2011-04-08 02:15   13891176   ----a-w-   c:\windows\system32\nvcpl.dll
2011-04-08 02:15 . 2011-04-08 02:15   111208   ----a-w-   c:\windows\system32\nvmctray.dll
2011-04-08 02:15 . 2011-04-08 02:15   155752   ----a-w-   c:\windows\system32\nvsvc32.exe
2011-04-08 02:15 . 2011-04-08 02:15   145000   ----a-w-   c:\windows\system32\nvcolor.exe
2011-04-06 20:20 . 2011-04-06 20:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2011-04-14 16:26 . 2011-04-30 20:20   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-01-25 22504120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-04 64512]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 94280]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13   64592   ----a-w-   c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MicroCloudEngine\\MicroCloudEngine.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"57179:TCP"= 57179:TCP:Pando Media Booster
"57179:UDP"= 57179:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
.
R2 CloudManager;CloudManager;c:\program files\CloudManager\CloudManager.exe [11/24/2010 4:29 AM 1179800]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/13/2011 6:02 PM 10448]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/31/2011 3:14 PM 2218600]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [1/13/2011 5:58 PM 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [1/13/2011 5:58 PM 14856]
R3 MicroCloudEngine;MicroCloudEngine;c:\program files\MicroCloudEngine\MicroCloudEngine.exe [11/19/2010 2:56 AM 1917088]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61192
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} - hxxp://www.limeusa.com/files/application/LimeusaControl.CAB
FF - ProfilePath - c:\documents and settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61192
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Steam - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 00:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-854245398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6710C92D-4506-F40A-644C-C998DE5A3303}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haolfchonmlkekpj"=hex:6f,61,6c,6b,6b,62,6f,66,6b,70,68,64,66,66,67,68,69,65,
   66,68,6b,6d,6c,67,6a,69,64,6c,65,70,00,77
"janlgcdhihooibalombk"=hex:64,62,6e,66,68,69,65,6c,6e,6c,6c,6c,6c,6a,69,6f,70,
   6d,63,6c,6a,67,67,65,68,6e,70,6c,64,69,62,63,62,64,70,6b,6c,70,67,68,00,e6
.
[HKEY_USERS\S-1-5-21-1123561945-854245398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F633957C-F434-A07D-B301-D974C9170E76}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-06  00:23:30 - machine was rebooted
ComboFix-quarantined-files.txt  2011-06-06 04:23
.
Pre-Run: 92,001,746,944 bytes free
Post-Run: 92,032,651,264 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - F67F8F8E42917A5358541CEBD9590B5C

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #11 on: June 05, 2011, 11:33:36 PM »
Please do the following and let me know if you still have internet connection
In Firefox: Go to TOOLS>>OPTIONS>>ADVANCED>>NETWORK>>SETTINGS under Connections
Select "Use system proxy settings"
OK out of there and restart Firefox

In IE: Click on TOOLS>>Internet Options>>Connections tab>>LAN Settings
Untick all boxes in the new window, especially ensure that "Use a proxy server......"
is NOT ticked, OK and Apply out of there
Restart IE

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In addition: Reopen OTL.exe, run a Quick Scan>>Post the log that opens when done

Let me know how things are now running please


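The proxy settings guestolo is having Seng undo are the ones ComboFix listed under "Supplementary Scan" (`uInternet Settings,ProxyServer = http=127.0.0.1:61192` and the `FF - prefs.js: network.proxy.*` lines): the malware inserted itself as a local HTTP proxy, so once its process is removed the browsers keep talking to 127.0.0.1 and lose connectivity. As an added example, not code from this thread or from ComboFix/OTL, here is a small checker that parses those ComboFix lines and Firefox `prefs.js` entries and flags any proxy pointed at a loopback address; the sample inputs are constructed and the `proxy.example.internal` host is a placeholder.

```python
"""Flag browser proxy settings that point back at the local machine.

Added example (not from the forum thread or ComboFix/OTL): parses the proxy
lines ComboFix prints in its 'Supplementary Scan' section and user_pref()
lines from a Firefox prefs.js, and reports loopback proxies."""
import ipaddress
import re
from typing import Dict, List, Tuple

# ComboFix:  uInternet Settings,ProxyServer = http=127.0.0.1:61192
# The value is either "host:port" or a ";"-separated list of "scheme=host:port".
_CF_PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
# ComboFix:  FF - prefs.js: network.proxy.http - 127.0.0.1
_CF_FF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<name>network\.proxy\.[\w.]+)\s*-\s*(?P<value>.+?)\s*$")
# prefs.js:  user_pref("network.proxy.http", "127.0.0.1");
_PREFS_RE = re.compile(r'^\s*user_pref\("(?P<name>network\.proxy\.[\w.]+)",\s*(?P<value>"[^"]*"|\d+|true|false)\);')


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxyserver(value: str) -> List[Tuple[str, str, str]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) triples."""
    triples = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given, e.g. "127.0.0.1"
            host, port = hostport, ""
        triples.append((scheme or "all", host, port))
    return triples


def _check_firefox(prefs: Dict[str, str]) -> List[str]:
    """network.proxy.type 1 means a manual proxy; only then do host prefs apply."""
    findings = []
    if prefs.get("network.proxy.type") != "1":
        return findings
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and is_loopback(host):
            port = prefs.get(f"network.proxy.{scheme}_port", "")
            findings.append(f"Firefox {scheme} proxy -> {host}:{port} (loopback)")
    return findings


def scan_combofix(lines) -> List[str]:
    """Return findings for loopback proxies in ComboFix 'Supplementary Scan' lines."""
    findings: List[str] = []
    ff_prefs: Dict[str, str] = {}
    for line in lines:
        m = _CF_PROXY_RE.match(line.rstrip("\n"))
        if m:
            for scheme, host, port in parse_proxyserver(m.group("value")):
                if is_loopback(host):
                    findings.append(f"IE/WinINet {scheme} proxy -> {host}:{port} (loopback)")
            continue
        m = _CF_FF_RE.match(line.rstrip("\n"))
        if m:
            ff_prefs[m.group("name")] = m.group("value")
    return findings + _check_firefox(ff_prefs)


def scan_prefs_js(lines) -> List[str]:
    """Return findings for loopback proxies in a Firefox prefs.js."""
    prefs = {}
    for line in lines:
        m = _PREFS_RE.match(line)
        if m:
            prefs[m.group("name")] = m.group("value").strip('"')
    return _check_firefox(prefs)


# Constructed sample mirroring the proxy entries in the ComboFix log above.
SAMPLE_COMBOFIX = """\
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61192
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61192
FF - prefs.js: network.proxy.type - 1
""".splitlines()

# Constructed prefs.js with a manual proxy on a placeholder real host: must NOT be flagged.
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.http", "proxy.example.internal");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.type", 1);
""".splitlines()

if __name__ == "__main__":
    for finding in scan_combofix(SAMPLE_COMBOFIX):
        print(finding)
    print("prefs.js findings:", scan_prefs_js(SAMPLE_PREFS_JS))
```

A manual proxy on a non-loopback host is not flagged on its own; it should be compared against what the network administrator actually deployed.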

Offline Seng

  • Newbie
  • Posts: 9
  • Karma: +0/-0
MS2011Helper.DLL
« Reply #12 on: June 06, 2011, 12:50:35 AM »
Hello,

Here are the two posts.  Things seem to be running smoother now.  I have internet access through both browsers.  Should I install AVG back now (or another Anti-Virus that you would recommend)?  Again, thank you for everything so far.  You're incredible.

Quote
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6784

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/6/2011 1:45:11 AM
mbam-log-2011-06-06 (01-45-11).txt

Scan type: Quick scan
Objects scanned: 154996
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Quote
OTL logfile created on: 6/6/2011 1:46:26 AM - Run 5
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Documents and Settings\Seng Goo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 71.94% Memory free
6.75 Gb Paging File | 6.11 Gb Available in Paging File | 90.56% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 85.13 Gb Free Space | 45.70% Space Free | Partition Type: NTFS
 
Computer Name: SENGSPC | User Name: Seng Goo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () -- C:\Program Files\CloudManager\CloudManager.exe
PRC - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
PRC - [2010/11/16 14:08:38 | 000,094,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudManager\CloudManager.exe -- (CloudManager)
SRV - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () [On_Demand | Running] -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe -- (MicroCloudEngine)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/13 17:58:20 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2011/01/13 17:58:20 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61192
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 16:19:58 | 000,000,000 | ---D | M]
 
[2011/01/13 17:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\[email protected]
[2011/04/30 16:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 22:42:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/06/06 00:18:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} http://www.limeusa.c...eusaControl.CAB (LimeUSA WebCtrl 1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/13 16:47:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/06 01:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Malwarebytes
[2011/06/06 01:41:44 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/06 01:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 01:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/06 01:41:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/06 01:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 01:40:58 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Seng Goo\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 00:49:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/06 00:47:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/06 00:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/06 00:46:55 | 000,000,000 | ---D | C] -- C:\4e5478cd5bbf9be9324bbcf0e57578
[2011/06/06 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/06 00:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/06 00:11:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/06 00:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/06 00:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/06 00:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/06 00:09:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/06 00:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/06 00:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/06 00:09:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\My Documents\My Videos
[2011/06/06 00:09:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Administrative Tools
[2011/06/06 00:01:17 | 004,113,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Seng Goo\Desktop\ComboFix.exe
[2011/06/05 22:21:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 14:54:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\HiJackThis
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Apps
[2011/06/04 23:40:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/04 23:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/04 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Modern Family
[2011/06/04 21:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/04 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Apple Computer
[2011/06/04 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/04 19:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/04 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/04 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\NTFS Undelete
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2011/05/31 23:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope
[2011/05/31 15:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/17 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/17 22:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/17 22:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/14 17:43:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Elements of Life
[2011/05/14 17:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\club life
[2011/05/14 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope Remixed
[2011/05/14 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/14 12:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/06 01:41:05 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Seng Goo\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 01:37:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 01:37:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 01:36:58 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/06 00:50:08 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/06 00:50:08 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/06 00:34:27 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
[2011/06/06 00:18:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/06 00:11:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/06/06 00:01:20 | 004,113,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Seng Goo\Desktop\ComboFix.exe
[2011/06/05 22:48:29 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 19:13:36 | 000,008,312 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/04 23:38:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/04 22:55:05 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/06/04 19:43:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/31 15:13:36 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/31 15:13:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/31 15:13:34 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/31 15:09:33 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/18 15:58:01 | 003,213,163 | ---- | M] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/06 00:11:37 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/06/06 00:11:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/06 00:09:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/06 00:09:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/06 00:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/06 00:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/06 00:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/04 21:37:45 | 000,008,312 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/04 19:43:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/17 22:43:38 | 003,213,163 | ---- | C] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[2011/04/20 01:06:30 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/06 00:18:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 00:50:09 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 23:00:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/01/17 23:00:39 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/01/17 23:00:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/01/17 22:57:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/13 17:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 17:38:12 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/01/13 17:38:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/13 17:16:52 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/13 17:16:50 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/13 17:16:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/13 17:16:43 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/13 16:51:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/13 16:49:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 16:44:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/13 11:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/13 11:34:33 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
 
========== LOP Check ==========
 
[2011/06/06 00:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/06 00:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/25 11:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroBinData
[2011/06/05 01:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/02/25 12:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2011/06/04 19:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/14 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/06/04 21:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\Azureus
[2011/01/13 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\Leadertech
[2011/03/21 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\LolClient
[2011/02/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\ooVoo Details
[2011/05/07 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\RIFT
[2011/06/06 00:34:27 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
 
========== Purity Check ==========
 
 

< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #13 on: June 06, 2011, 11:57:53 PM »
Quote
I have internet access through both browsers. Should I install AVG back now?

Sorry for the delay, yes go ahead and reinstall AVG now and do a complete system scan when done
Afterwards, can you do the following:
In IE: Click on TOOLS>>Internet Options>>Connections tab>>LAN Settings
Tick "Use Proxy Server">>highlight and delete anything to do with a proxy server, especially the following address:
http=127.0.0.1:61192>>everything should be blank, then go back and UNTICK "Use Proxy Server", OK out of there

In Firefox>>Go to TOOLS>>OPTIONS>>ADVANCED>>NETWORK>>SETTINGS under Connections
Select "Manual Proxy configuration"
Highlight and delete all settings
OK it, then
Select "Use system proxy settings"
Restart Firefox

Again, can you then reopen OTL.exe and run a Quick Scan and post the new log

In addition:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
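The manual IE/Firefox proxy clean-up above is the key step in this reply: both browsers in the posted OTL log point at 127.0.0.1:61192, i.e. a listener on the machine itself, so the browsers only work while that local process is alive (which is the symptom in the first post, where vaulting the DLL killed the internet). The script below is an added example, not part of this thread and not code from OTL or TDSSKiller: it pulls exactly those indicators out of an OTL report so the check does not depend on clicking through two GUIs. The sample lines are copied from the log posted above; the regular expressions for the OTL line shapes, the "no company name" heuristic and the wording of the findings are my own assumptions.

```python
"""Flag the proxy-hijack indicators guestolo is asking about, straight from an OTL report.

Added example; this is not part of the thread and not code from OTL or TDSSKiller.
The sample lines are copied from the log posted above. The regexes, the 'no company
name' heuristic and the wording of the findings are my own assumptions.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: a handful of lines taken from the OTL log in this thread.
SAMPLE_OTL = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61192
SRV - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudManager\CloudManager.exe -- (CloudManager)
SRV - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () [On_Demand | Running] -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe -- (MicroCloudEngine)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
'''

# OTL line shapes (assumed from the report format shown in the thread).
IE_RE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<val>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): "?(?P<val>[^"]*)"?$')
IMG_RE = re.compile(r'^(?P<kind>SRV|PRC) - \[[^\]]*\] \((?P<company>[^)]*)\) .*?-- (?P<path>.*?\.exe)\b')

LOOPBACK_PREFIXES = ('127.', 'localhost', '::1')


def parse_proxy_servers(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    Accepts both the per-protocol form "http=127.0.0.1:61192;https=host:port"
    and the bare "host:port" form (reported with scheme 'all').
    """
    out = []
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition('=')   # scheme is '' for the bare form
        host, sep, port = hostport.rpartition(':')
        if not sep:                                   # no port given at all
            host, port = hostport, ''
        out.append((scheme or 'all', host, int(port) if port.isdigit() else 0))
    return out


def is_loopback(host: str) -> bool:
    return host.startswith(LOOPBACK_PREFIXES)


def scan_report(report: str) -> Dict[str, List[str]]:
    """Return findings keyed by category.

    loopback_proxy:  a browser proxy pointing at the machine itself. The browser
                     then relays everything through some local process; remove that
                     process and the browser stops working, which matches the
                     symptom Seng reported when AVG vaulted the DLL.
    no_company_name: a service/process image with an empty company field. Plenty
                     of legitimate software ships like that, so this is a
                     'look at it' list, not a verdict.
    """
    findings: Dict[str, List[str]] = {'loopback_proxy': [], 'no_company_name': []}
    ie_enabled = None
    ff: Dict[str, str] = {}
    for line in report.splitlines():
        m = IE_RE.match(line)
        if m:
            if m['key'] == 'ProxyEnable':
                ie_enabled = m['val'].strip() == '1'
            elif m['key'] == 'ProxyServer':
                for scheme, host, port in parse_proxy_servers(m['val']):
                    if is_loopback(host):
                        findings['loopback_proxy'].append(f'IE {scheme} proxy -> {host}:{port}')
            continue
        m = FF_RE.match(line)
        if m:
            ff[m['key']] = m['val']
            continue
        m = IMG_RE.match(line)
        if m and not m['company'].strip():
            findings['no_company_name'].append(f"{m['kind']} {m['path']}")
    if is_loopback(ff.get('http', '')):
        findings['loopback_proxy'].append(
            f"Firefox http proxy -> {ff['http']}:{ff.get('http_port', '?')}")
    if ie_enabled is False and findings['loopback_proxy']:
        findings['loopback_proxy'].append(
            'note: IE ProxyEnable=0 right now, but ProxyServer is still set; clear it too')
    return findings


if __name__ == '__main__':
    for category, items in scan_report(SAMPLE_OTL).items():
        print(category)
        for item in items:
            print('  ', item)
```

Run it against a saved OTL.Txt with `scan_report(open('OTL.Txt', encoding='utf-8', errors='replace').read())`. Note that it only reads the report; the actual clean-up is still the registry/prefs.js edit described in the reply, and an empty company name on CloudManager/MicroCloudEngine is a reason to look them up, not a detection by itself.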


Offline Seng

  • Newbie
  • Posts: 9
  • Karma: +0/-0
MS2011Helper.DLL
« Reply #14 on: June 08, 2011, 05:19:31 PM »
Hello,

I have reinstalled AVG and did a scan.  Nothing detected.  I am posting your requested logs below.  When I try to watch YouTube videos, my PC goes to the blue screen mentioned way earlier in this thread.

Quote
OTL logfile created on: 6/8/2011 6:03:21 PM - Run 6
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Documents and Settings\Seng Goo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.81% Memory free
6.75 Gb Paging File | 6.10 Gb Available in Paging File | 90.38% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 82.99 Gb Free Space | 44.55% Space Free | Partition Type: NTFS
 
Computer Name: SENGSPC | User Name: Seng Goo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () -- C:\Program Files\CloudManager\CloudManager.exe
PRC - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
PRC - [2010/11/16 14:08:38 | 000,094,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/08 01:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/24 04:29:06 | 001,179,800 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudManager\CloudManager.exe -- (CloudManager)
SRV - [2010/11/19 02:56:36 | 001,917,088 | ---- | M] () [On_Demand | Running] -- C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe -- (MicroCloudEngine)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/13 17:58:20 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2011/01/13 17:58:20 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61192
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..network.proxy.no_proxies_on: ""
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:20:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/07 23:01:11 | 000,000,000 | ---D | M]
 
[2011/01/13 17:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/06 14:18:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Seng Goo\Application Data\Mozilla\Firefox\Profiles\gqcy7sfk.default\extensions\[email protected]
[2011/04/30 16:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 22:42:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/06/07 00:11:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/06/06 00:18:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} http://www.limeusa.c...eusaControl.CAB (LimeUSA WebCtrl 1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/13 16:47:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/08 17:42:04 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/06/08 17:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/08 17:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/08 17:07:21 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Seng Goo\Desktop\TDSSKiller.exe
[2011/06/07 23:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/06/06 17:38:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/06 01:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Malwarebytes
[2011/06/06 01:41:44 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/06 01:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 01:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/06 01:41:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/06 01:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 01:40:58 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Seng Goo\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 00:47:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/06 00:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/06 00:46:55 | 000,000,000 | ---D | C] -- C:\4e5478cd5bbf9be9324bbcf0e57578
[2011/06/06 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/06 00:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/06 00:11:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/06 00:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/06 00:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/06 00:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/06 00:09:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/06 00:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/06 00:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/06 00:09:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\My Documents\My Videos
[2011/06/06 00:09:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Administrative Tools
[2011/06/06 00:01:17 | 004,113,725 | R--- | C] (Swearware) -- C:\Documents and Settings\Seng Goo\Desktop\ComboFix.exe
[2011/06/05 22:21:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 14:54:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/05 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\HiJackThis
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/06/04 23:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\Apps
[2011/06/04 23:40:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/04 23:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/04 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/04 22:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Modern Family
[2011/06/04 21:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/04 19:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\Apple Computer
[2011/06/04 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/04 19:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/04 19:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/04 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/04 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\NTFS Undelete
[2011/06/04 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2011/05/31 23:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope
[2011/05/31 15:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/17 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/17 22:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/17 22:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/14 17:43:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Elements of Life
[2011/05/14 17:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Desktop\club life
[2011/05/14 17:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seng Goo\Desktop\Kaleidoscope Remixed
[2011/05/14 12:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/14 12:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/14 12:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/08 18:00:10 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
[2011/06/08 17:11:54 | 117,705,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/08 17:09:59 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/08 16:12:26 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/08 12:48:48 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 10:08:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/08 10:08:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 23:25:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Seng Goo\Desktop\TDSSKiller.exe
[2011/06/07 00:16:30 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/07 00:16:30 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/07 00:11:31 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/06 01:41:05 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                   ) -- C:\Documents and Settings\Seng Goo\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 01:36:58 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/06 00:18:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/06 00:11:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/06/06 00:01:20 | 004,113,725 | R--- | M] (Swearware) -- C:\Documents and Settings\Seng Goo\Desktop\ComboFix.exe
[2011/06/05 19:13:36 | 000,008,312 | ---- | M] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/05 14:54:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seng Goo\Desktop\seng.com
[2011/06/04 22:55:05 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/05/31 15:13:36 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/31 15:13:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/31 15:13:34 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/18 15:58:01 | 003,213,163 | ---- | M] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/08 17:11:54 | 117,705,661 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/08 17:09:59 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/06 00:11:37 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/06/06 00:11:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/06 00:09:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/06 00:09:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/06 00:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/06 00:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/06 00:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/04 21:37:45 | 000,008,312 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Application Data\5572.9C5
[2011/06/04 19:43:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/17 22:43:38 | 003,213,163 | ---- | C] () -- C:\Documents and Settings\Seng Goo\My Documents\random stuff.mp3
[2011/04/20 01:06:30 | 000,076,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/06 00:18:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 00:50:09 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Seng Goo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 23:00:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/01/17 23:00:39 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/01/17 23:00:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/01/17 22:57:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/13 17:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 17:38:12 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/01/13 17:38:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/01/13 17:16:52 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/13 17:16:50 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/13 17:16:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/13 17:16:43 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/13 16:51:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/13 16:49:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 16:44:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/13 11:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/13 11:34:33 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
 
========== LOP Check ==========
 
[2011/06/08 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/14 12:10:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/08 17:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/25 11:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroBinData
[2011/06/08 11:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/02/25 12:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2011/06/04 19:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/14 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\AVG10
[2011/06/06 18:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\Azureus
[2011/01/13 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\Leadertech
[2011/03/21 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\LolClient
[2011/02/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\ooVoo Details
[2011/05/07 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seng Goo\Application Data\RIFT
[2011/06/08 18:00:10 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A72003C9-4D6E-4215-B8CD-42D5055AF2CA}.job
 
========== Purity Check ==========
 
 

< End of report >
2011/06/08 18:16:14.0843 2108   TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/08 18:16:15.0171 2108   ================================================================================
2011/06/08 18:16:15.0171 2108   SystemInfo:
2011/06/08 18:16:15.0171 2108   
2011/06/08 18:16:15.0171 2108   OS Version: 5.1.2600 ServicePack: 2.0
2011/06/08 18:16:15.0171 2108   Product type: Workstation
2011/06/08 18:16:15.0171 2108   ComputerName: SENGSPC
2011/06/08 18:16:15.0171 2108   UserName: Seng Goo
2011/06/08 18:16:15.0171 2108   Windows directory: C:\WINDOWS
2011/06/08 18:16:15.0171 2108   System windows directory: C:\WINDOWS
2011/06/08 18:16:15.0171 2108   Processor architecture: Intel x86
2011/06/08 18:16:15.0171 2108   Number of processors: 1
2011/06/08 18:16:15.0171 2108   Page size: 0x1000
2011/06/08 18:16:15.0171 2108   Boot type: Normal boot
2011/06/08 18:16:15.0171 2108   ================================================================================
2011/06/08 18:16:17.0703 2108   Initialize success
2011/06/08 18:16:26.0593 3320   ================================================================================
2011/06/08 18:16:26.0593 3320   Scan started
2011/06/08 18:16:26.0593 3320   Mode: Manual;
2011/06/08 18:16:26.0593 3320   ================================================================================
2011/06/08 18:16:28.0375 3320   ACPI           (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/08 18:16:28.0421 3320   ACPIEC         (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/08 18:16:28.0515 3320   aec           (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/06/08 18:16:28.0578 3320   AFD           (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/08 18:16:28.0765 3320   Arp1394       (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/08 18:16:28.0906 3320   AsyncMac       (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/08 18:16:29.0031 3320   atapi         (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/08 18:16:29.0187 3320   Atmarpc       (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/08 18:16:29.0265 3320   audstub       (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/08 18:16:29.0343 3320   AVGIDSDriver   (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/08 18:16:29.0390 3320   AVGIDSEH       (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/08 18:16:29.0421 3320   AVGIDSFilter   (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/08 18:16:29.0437 3320   AVGIDSShim     (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/08 18:16:29.0500 3320   Avgldx86       (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/08 18:16:29.0546 3320   Avgmfx86       (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/08 18:16:29.0578 3320   Avgrkx86       (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/08 18:16:29.0640 3320   Beep           (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/08 18:16:29.0750 3320   cbidf2k       (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/08 18:16:29.0890 3320   CCDECODE       (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/08 18:16:30.0031 3320   Cdaudio       (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/08 18:16:30.0156 3320   Cdfs           (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/08 18:16:30.0265 3320   Cdrom         (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/08 18:16:30.0375 3320   cercsr6       (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/08 18:16:30.0640 3320   ctsfm2k       (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/06/08 18:16:30.0859 3320   Disk           (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/08 18:16:31.0125 3320   dmboot         (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/08 18:16:31.0546 3320   dmio           (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/08 18:16:31.0859 3320   dmload         (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/08 18:16:32.0109 3320   DMusic         (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/08 18:16:32.0515 3320   drmkaud       (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/08 18:16:32.0812 3320   Fastfat       (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/08 18:16:33.0078 3320   Fdc           (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/08 18:16:33.0156 3320   Fips           (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/08 18:16:33.0171 3320   Flpydisk       (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/08 18:16:33.0234 3320   FltMgr         (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/08 18:16:33.0312 3320   FsVga         (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/06/08 18:16:33.0375 3320   Fs_Rec         (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/08 18:16:33.0390 3320   Ftdisk         (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/08 18:16:33.0453 3320   GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/08 18:16:33.0500 3320   Gpc           (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/08 18:16:33.0578 3320   hidusb         (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/08 18:16:33.0656 3320   HTTP           (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/08 18:16:33.0890 3320   i8042prt       (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/06/08 18:16:33.0953 3320   Imapi         (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/08 18:16:34.0046 3320   Ip6Fw         (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/08 18:16:34.0109 3320   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/08 18:16:34.0125 3320   IpInIp         (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/08 18:16:34.0156 3320   IpNat         (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/08 18:16:34.0187 3320   IPSec         (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/08 18:16:34.0234 3320   IRENUM         (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/08 18:16:34.0296 3320   isapnp         (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/08 18:16:34.0359 3320   Kbdclass       (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/08 18:16:34.0390 3320   kbdhid         (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/08 18:16:34.0453 3320   kmixer         (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/08 18:16:34.0515 3320   KSecDD         (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/08 18:16:34.0609 3320   LBeepKE       (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/06/08 18:16:34.0671 3320   LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\WINDOWS\system32\drivers\LGBusEnum.sys
2011/06/08 18:16:34.0718 3320   LGVirHid       (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\WINDOWS\system32\drivers\LGVirHid.sys
2011/06/08 18:16:34.0750 3320   LHidFilt       (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/06/08 18:16:34.0781 3320   LMouFilt       (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/06/08 18:16:34.0843 3320   LUsbFilt       (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/06/08 18:16:34.0906 3320   LVUSBSta       (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/06/08 18:16:34.0953 3320   MBAMProtector   (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/08 18:16:35.0031 3320   mnmdd         (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/08 18:16:35.0109 3320   Modem         (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/08 18:16:35.0156 3320   Mouclass       (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/08 18:16:35.0187 3320   mouhid         (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/08 18:16:35.0250 3320   MountMgr       (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/08 18:16:35.0312 3320   MRxDAV         (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/08 18:16:35.0390 3320   MRxSmb         (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/08 18:16:35.0421 3320   Msfs           (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/08 18:16:35.0484 3320   MSKSSRV       (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/08 18:16:35.0500 3320   MSPCLOCK       (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/08 18:16:35.0593 3320   MSPQM         (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/08 18:16:35.0718 3320   mssmbios       (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/08 18:16:35.0796 3320   MSTEE         (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/08 18:16:35.0843 3320   Mup           (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/08 18:16:35.0859 3320   NABTSFEC       (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/08 18:16:35.0906 3320   NDIS           (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/08 18:16:35.0921 3320   NdisIP         (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/08 18:16:35.0984 3320   NdisTapi       (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/08 18:16:36.0000 3320   Ndisuio       (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/08 18:16:36.0031 3320   NdisWan       (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/08 18:16:36.0125 3320   NDProxy       (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/08 18:16:36.0156 3320   NetBIOS       (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/08 18:16:36.0187 3320   NetBT         (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/08 18:16:36.0265 3320   NIC1394       (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/08 18:16:36.0281 3320   Npfs           (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/08 18:16:36.0328 3320   Ntfs           (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/08 18:16:36.0390 3320   Null           (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/08 18:16:37.0000 3320   nv             (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/08 18:16:37.0609 3320   nvata         (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/06/08 18:16:37.0671 3320   NVENETFD       (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/08 18:16:37.0703 3320   nvnetbus       (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/08 18:16:37.0765 3320   NwlnkFlt       (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/08 18:16:37.0796 3320   NwlnkFwd       (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/08 18:16:37.0875 3320   ohci1394       (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/08 18:16:37.0937 3320   ossrv         (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/06/08 18:16:38.0015 3320   P17           (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2011/06/08 18:16:38.0125 3320   Parport       (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/08 18:16:38.0203 3320   PartMgr       (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/08 18:16:38.0218 3320   ParVdm         (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/08 18:16:38.0265 3320   PCI           (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/08 18:16:38.0312 3320   PCIIde         (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/08 18:16:38.0343 3320   Pcmcia         (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/08 18:16:38.0562 3320   PptpMiniport   (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/08 18:16:38.0578 3320   Processor      (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/08 18:16:38.0609 3320   PSched         (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/08 18:16:38.0640 3320   Ptilink       (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/08 18:16:38.0828 3320   QCMerced       (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2011/06/08 18:16:38.0968 3320   RasAcd         (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/08 18:16:39.0078 3320   Rasl2tp       (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/08 18:16:39.0109 3320   RasPppoe       (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/08 18:16:39.0125 3320   Raspti         (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/08 18:16:39.0156 3320   Rdbss         (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/08 18:16:39.0171 3320   RDPCDD         (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/08 18:16:39.0250 3320   rdpdr         (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/08 18:16:39.0312 3320   RDPWD         (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/08 18:16:39.0375 3320   redbook       (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/08 18:16:39.0453 3320   Secdrv         (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/08 18:16:39.0515 3320   serenum       (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/08 18:16:39.0546 3320   Serial         (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/08 18:16:39.0593 3320   Sfloppy       (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/08 18:16:39.0703 3320   SLIP           (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/08 18:16:39.0781 3320   splitter       (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/08 18:16:39.0859 3320   sr             (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/08 18:16:39.0953 3320   Srv           (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/08 18:16:39.0984 3320   streamip       (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/08 18:16:40.0046 3320   swenum         (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/08 18:16:40.0109 3320   swmidi         (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/08 18:16:40.0218 3320   sysaudio       (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/08 18:16:40.0406 3320   Tcpip         (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/08 18:16:40.0515 3320   TDPIPE         (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/08 18:16:40.0625 3320   TDTCP         (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/08 18:16:40.0687 3320   TermDD         (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/08 18:16:40.0890 3320   Udfs           (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/08 18:16:41.0078 3320   Update         (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/08 18:16:41.0156 3320   USBAAPL       (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/08 18:16:41.0234 3320   usbaudio       (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/08 18:16:41.0359 3320   usbccgp       (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/08 18:16:41.0453 3320   usbehci       (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/08 18:16:41.0515 3320   usbhub         (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/08 18:16:41.0625 3320   usbohci       (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/08 18:16:41.0687 3320   USBSTOR       (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/08 18:16:41.0781 3320   VgaSave       (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/08 18:16:41.0875 3320   VolSnap       (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/08 18:16:41.0953 3320   Wanarp         (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/08 18:16:42.0218 3320   Wdf01000       (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/08 18:16:42.0421 3320   wdmaud         (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/08 18:16:42.0593 3320   WSTCODEC       (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/08 18:16:42.0671 3320   MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/08 18:16:44.0625 3320   ================================================================================
2011/06/08 18:16:44.0625 3320   Scan finished
2011/06/08 18:16:44.0625 3320   ================================================================================
2011/06/08 18:16:44.0640 3864   Detected object count: 0
2011/06/08 18:16:44.0640 3864   Actual detected object count: 0

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #15 on: June 09, 2011, 07:01:52 PM »
Did you do the following in Internet Explorer?

Quote
In IE: Click on TOOLS>>Internet Options>>Connections tab>>LAN Settings
Tick "Use Proxy Server" >>highlight and delete anything to do with a proxy server, especially the following address
http=127.0.0.1:61192>>everything should be blank, then go back and UNTICK "Use Proxy Server", OK out of there

I still see that proxy server setting, would like you to remove it
Can you let me know how that is set


Quote
When I try to watch YouTube videos, my pc goes to the blue screen mentioned way earlier in this thread

What happens when you go to the following site?
http://www.adobe.com/software/flash/about/

Do you see the flash animation?

In addition, can you do the following please
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
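The quoted LAN Settings steps above remove a proxy entry of the form `http=127.0.0.1:61192`, which routes the browser's traffic through a process listening on the local machine. The following PowerShell script is an added example, not code from this thread or from any of the tools mentioned in it: it reads the same per-user WinINet settings that the Internet Options dialog writes (the `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under `HKCU\...\Internet Settings`), flags a loopback proxy, shows which process is listening on that port, and can clear the proxy the way the dialog steps do. The `Get-ProxyFindings`, `Get-LoopbackListener` and `Clear-UserProxy` function names are my own, and the script assumes PowerShell 2.0 or later running in the account whose settings are being checked.

```powershell
# Added example (not from this thread): inspect the per-user WinINet/IE proxy
# settings, flag a loopback proxy, and optionally clear it.
# Assumes PowerShell 2.0+ and that it runs as the affected user.
param([switch]$Clear)

$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyFindings {
    # Returns one line per finding; the caller decides what to do with them.
    param([string]$ProxyServer, [int]$ProxyEnable, [string]$AutoConfigURL)
    $findings = @()
    $loopback = @('127.0.0.1', 'localhost', '::1', '[::1]')
    if ($ProxyEnable -eq 1 -and $ProxyServer) {
        # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
        foreach ($entry in ($ProxyServer -split ';')) {
            $hostPort = ($entry -split '=')[-1].Trim()
            if ($hostPort -match '^(?<host>.+):(?<port>\d+)$' -and
                $loopback -contains $Matches['host']) {
                $findings += "LOOPBACK proxy: $entry (traffic is handed to a local process on port $($Matches['port']))"
            } elseif ($hostPort) {
                $findings += "Proxy configured: $entry"
            }
        }
    }
    if ($AutoConfigURL) { $findings += "Proxy auto-config (PAC) script set: $AutoConfigURL" }
    if ($findings.Count -eq 0) { $findings += 'No proxy configured' }
    return $findings
}

function Get-LoopbackListener {
    # Uses netstat -ano (available on XP and later) to show the PID bound to a port.
    param([int]$Port)
    netstat -ano | Select-String 'LISTENING' | Select-String ":$Port\s"
}

function Clear-UserProxy {
    # Equivalent of unticking "Use a proxy server" and blanking the address:
    # ProxyEnable=0 and the ProxyServer value removed. Port 80 reappearing in
    # the greyed-out dialog afterwards is the dialog's default, not a setting.
    Set-ItemProperty -Path $ProxyKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $ProxyKey -Name ProxyServer -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $ProxyKey -Name AutoConfigURL -ErrorAction SilentlyContinue
}

$settings = Get-ItemProperty -Path $ProxyKey
$report = Get-ProxyFindings -ProxyServer $settings.ProxyServer `
                            -ProxyEnable ([int]$settings.ProxyEnable) `
                            -AutoConfigURL $settings.AutoConfigURL
$report | ForEach-Object { Write-Output $_ }

# For every loopback finding, show which process owns the listening port so it
# can be identified in the running-process list before anything is removed.
foreach ($line in $report) {
    if ($line -match 'LOOPBACK proxy: .*:(\d+)') {
        Write-Output "Listener on port $($Matches[1]):"
        Get-LoopbackListener -Port ([int]$Matches[1])
    }
}

if ($Clear) {
    Clear-UserProxy
    Write-Output 'Proxy settings cleared; restart the browser.'
}
```

Run it without arguments first to see what is set; a loopback entry paired with a listening PID that belongs to an unexpected executable is the condition the thread is cleaning up, and `-Clear` reproduces the manual LAN Settings steps once that process has been dealt with, which is why removing the proxy before the owning program is gone breaks connectivity rather than restoring it.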


Offline Seng

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
MS2011Helper.DLL
« Reply #16 on: June 13, 2011, 07:19:14 PM »
Hello,

Sorry for my late response!

Internet Explorer: I've had them cleared, but this time, I went under Advanced... menu while having the Proxy ticked and there were more things for me to clear out.  The only thing I cannot get rid of on the Internet Explorer is the Port, which says 80.  I erase it, untick, click Ok.  When I go back, the 80 is still there.

I didn't have any trouble with the adobe site, but am still having a bit of trouble with YouTube and a few other things.

MalWare has been blocking this (along with a few other) addresses:
87.248.186.252

Here is the log you requested:

 Results of screen317's Security Check version 0.99.13  
 Windows XP Service Pack 2  
 Out of date service pack!!
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled!  
 AVG 2011    
 Antivirus up to date!  
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
Flash Player Out of Date!
 Adobe Flash Player    10.1.102.64  
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:  
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe  
 Malwarebytes' Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgemc.exe
``````````End of Log````````````

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MS2011Helper.DLL
« Reply #17 on: June 14, 2011, 10:01:21 PM »
Quote
which says 80. I erase it, untick, click Ok. When I go back, the 80 is still there.
That's fine, that is normal

Quote
I didn't have any trouble with the adobe site, but am still having a bit of trouble with YouTube and a few other things.
Go back to this site
http://www.adobe.com/software/flash/about/
After it loads, right click on the Flash Animation
Select SETTINGS, then UNTICK "Enable Hardware Acceleration"
Restart your browser, any problems with YouTube, etc...?

Quote
MalWare has been blocking this (along with a few other) addresses:
87.248.186.252
Not sure what you mean, are you trying to access that address??
« Last Edit: June 14, 2011, 10:02:46 PM by guestolo »
