Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Searchnu/406 removal

by William O Brien » July 7th, 2012, 10:04 am

Problems removing searchnu/406 search engine; also have problems running DDS. Please note that I have not included the Extras.txt file contents due to character restriction. Please inform me on how to send that information.
Thanks

OTL logfile created on: 07/07/2012 14:47:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bongo\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 54.96% Memory free
6.50 Gb Paging File | 4.96 Gb Available in Paging File | 76.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.81 Gb Total Space | 1.59 Gb Free Space | 2.75% Space Free | Partition Type: NTFS
Drive D: | 91.24 Gb Total Space | 71.83 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive E: | 45.05 Gb Total Space | 35.59 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive F: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 6.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 93.37 Gb Total Space | 6.70 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
Drive I: | 37.27 Gb Total Space | 24.53 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive J: | 94.69 Gb Total Space | 64.67 Gb Free Space | 68.30% Space Free | Partition Type: NTFS
Drive O: | 24.83 Gb Total Space | 9.09 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
Drive P: | 24.83 Gb Total Space | 8.27 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive Q: | 24.83 Gb Total Space | 7.88 Gb Free Space | 31.74% Space Free | Partition Type: NTFS
Drive W: | 1.98 Gb Total Space | 1.75 Gb Free Space | 88.28% Space Free | Partition Type: FAT

Computer Name: BONGO-PC | User Name: Bongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 14:13:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bongo\Downloads\OTL.exe
PRC - [2012/06/22 02:27:31 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/22 02:27:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/06/11 12:26:06 | 000,557,056 | ---- | M] (BitLeader) -- D:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/05/16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/04/22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/04/22 13:50:36 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/04/22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/10 04:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/06/07 23:09:18 | 000,220,824 | ---- | M] () -- D:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/14 06:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- D:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/03/10 04:19:32 | 000,073,728 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/05/28 03:39:45 | 000,401,408 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2007/11/26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\Windows\System32\emaudsv.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 11:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 11:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 11:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 11:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 11:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 11:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 11:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/22 02:27:32 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/22 02:27:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/21 01:13:41 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/05/16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/05/16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/05/16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/05/16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/05/16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/05/16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/05/16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/05/16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/05/16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/05/16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/05/16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/05/16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/05/16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/05/16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/05/16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/05/16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/05/16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/05/16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/05/16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/05/16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2010/04/22 13:42:56 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/04/22 13:42:54 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/04/22 13:42:54 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- D:\Program Files\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- D:\Program Files\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
MOD - [2009/03/10 04:19:32 | 000,073,728 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe
MOD - [2003/09/10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\kwspnd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/06/22 02:27:31 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/09 13:13:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/22 15:19:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/07 23:09:18 | 000,220,824 | ---- | M] () [Auto | Running] -- D:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- D:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_876CFF6A)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/11/26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\Windows\System32\emaudsv.exe -- (emaudsv)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/06/21 01:13:41 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/06/20 11:15:44 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/09/13 14:25:29 | 000,582,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2011/09/13 14:25:29 | 000,135,296 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2011/07/01 12:56:01 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:37 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:50:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/11 16:29:50 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 16:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/12 05:19:20 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:19:25 | 000,114,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/04/29 09:34:20 | 000,449,408 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008/04/17 15:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/11 17:07:00 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/11/26 15:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emusba10.sys -- (emusba10)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3132.sys -- (SI3132)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7B B4 3A 80 2E CC 01 [binary data]
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D8409E70-8F1E-4E04-893C-9A8B65C1729E}&mid=&lang=en&ds=AVG&pr=fr&d=&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{99C31C52-5959-410E-B0B0-8E08270DE11A}: "URL" = http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=us
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bongo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bongo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/22 02:27:40 | 000,000,000 | ---D | M]

[2012/07/04 10:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bongo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/04 10:54:09 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Bongo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

O1 HOSTS File: ([2012/02/27 11:34:48 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DataCardMonitor] D:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LGODDFU] D:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [MDS_Menu] D:\Program Files\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] D:\Program Files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] D:\Program Files\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] D:\Program Files\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [Center Agent] C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe ()
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05ADADC3-B528-4E4F-B7E9-1A4093BDB6F4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25E55B1-C587-42E6-A00F-7D1E7AFEFAEC}: NameServer = 149.254.230.7 149.254.192.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5012F87-0E1D-4A97-8300-DEDB017764A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6d8634f6-9a72-11e0-92c7-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{6d8634f6-9a72-11e0-92c7-001e8ce42bc1}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{8412013f-e127-11e0-9d33-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{8412014d-e127-11e0-9d33-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{8b90a8af-9a63-11e0-a3f3-bfc9d72340c7}\Shell - "" = AutoRun
O33 - MountPoints2\{8b90a8af-9a63-11e0-a3f3-bfc9d72340c7}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{acd9690c-aef6-11e0-a21a-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{acd9690c-aef6-11e0-a21a-001e8ce42bc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 14:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\OTl Scan
[2012/07/05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 09:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/07/05 09:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/07/04 11:39:28 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\com.adobe.WidgetBrowser
[2012/07/04 10:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar
[2012/07/04 10:54:25 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Desktop\Adobe Creative Suite 6 Master Collection Serial Codes Only[Team Nanban][TPB]
[2012/07/04 10:54:08 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Mozilla
[2012/07/04 09:24:50 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\NVIDIA
[2012/07/04 01:17:33 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\WinRAR
[2012/07/04 01:17:32 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/04 01:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/04 01:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/03 11:07:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/06/25 10:46:54 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Apple Computer
[2012/06/24 13:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
[2012/06/24 12:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/24 12:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/24 12:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/24 12:33:44 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Apple
[2012/06/24 12:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/24 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/24 00:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/23 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Neuratron
[2012/06/23 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\AudioScore Documents
[2012/06/23 19:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuratron
[2012/06/23 12:21:49 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Ilivid Player
[2012/06/22 11:27:45 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Pay
[2012/06/22 09:48:15 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\AVG Secure Search
[2012/06/22 00:32:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 00:32:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 00:31:31 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 00:31:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 00:31:31 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 00:31:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 00:31:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/21 10:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sibelius Software
[2012/06/21 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Scores
[2012/06/21 10:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2012/06/21 09:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/21 03:23:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/21 03:23:03 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/21 03:23:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/21 03:23:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/21 03:23:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/21 03:23:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/21 03:23:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/21 02:22:12 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/21 02:21:47 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/21 02:21:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/06/21 02:21:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/21 02:21:34 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/21 02:21:30 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/21 02:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/21 02:21:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/21 02:11:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/06/21 02:11:07 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/06/21 02:10:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/06/21 02:10:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/06/21 02:10:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/06/21 02:09:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/06/21 02:09:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/06/21 02:09:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/06/21 02:09:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/06/21 02:08:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/06/20 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Trusteer
[2012/06/20 11:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/06/20 11:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2012/06/20 11:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/06/20 10:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/20 10:54:05 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/20 10:53:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/20 10:53:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/13 02:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard Free Edition 5.5.1
[2012/06/12 16:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012/06/12 16:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/06/12 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012/06/12 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Origin
[2012/06/12 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Origin
[2012/06/12 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/06/12 16:09:12 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Electronic Arts
[2012/06/12 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/06/12 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/06/11 16:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Photo Recovery 3.0.1 Demo
[2012/06/11 14:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
[2012/06/11 14:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Keys
[2012/06/11 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012/06/11 12:25:16 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012/06/09 21:27:54 | 000,000,000 | R--D | C] -- C:\Users\Bongo\Documents\Scanned Documents
[2012/06/09 21:27:51 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Fax
[2012/06/09 21:00:15 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Nokia Suite
[2012/06/09 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Nokia Suite
[2012/06/09 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\NokiaAccount
[2012/06/09 20:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/06/09 20:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012/06/09 16:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/06/09 13:13:01 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/09 13:13:01 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/09 12:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/09 12:55:52 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/09 11:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/09 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/06/09 11:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/06/09 11:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/06/09 11:40:36 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/06/09 11:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/06/09 11:31:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/06/07 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012/06/07 18:53:24 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/06/07 18:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012/06/07 18:51:54 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2012/06/07 18:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 14:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 14:21:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 14:14:14 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:14:14 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:10:22 | 000,000,365 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/07 14:07:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 14:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 14:06:37 | 2616,107,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 19:29:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000Core.job
[2012/07/05 19:26:13 | 003,844,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/05 10:34:28 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/07/03 23:39:14 | 007,469,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/03 23:39:14 | 003,527,452 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/28 11:00:55 | 000,001,598 | ---- | M] () -- C:\Users\Bongo\Documents\photo.bru
[2012/06/24 12:35:05 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/23 19:11:58 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\AudioScore Ultimate Demo.lnk
[2012/06/23 14:42:44 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012/06/22 09:55:50 | 000,000,774 | ---- | M] () -- C:\Users\Bongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/21 10:20:37 | 000,000,624 | -H-- | M] () -- C:\Windows\System32\T4
[2012/06/21 10:10:57 | 000,000,452 | ---- | M] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/06/21 10:10:49 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012/06/21 09:38:16 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/17 20:46:31 | 000,007,623 | ---- | M] () -- C:\Users\Bongo\AppData\Local\resmon.resmoncfg
[2012/06/13 02:19:31 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2012/06/12 16:10:59 | 000,000,672 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/11 16:13:46 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Photo Recovery 3.0.1 Demo.lnk
[2012/06/11 12:32:07 | 000,000,872 | ---- | M] () -- C:\Users\Bongo\Desktop\Blu-ray Disc Suite.lnk
[2012/06/11 12:26:43 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012/06/11 12:16:59 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2012/06/09 20:49:56 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/06/09 16:12:10 | 000,008,054 | ---- | M] () -- C:\Users\Bongo\Documents\Fixit50388.reg
[2012/06/09 13:13:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/09 13:13:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/06/07 18:53:24 | 000,001,107 | ---- | M] () -- C:\Users\Bongo\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/07 18:52:06 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 19:29:35 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000Core.job
[2012/07/04 10:55:04 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/07/04 09:00:36 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/07/04 08:57:32 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/28 11:00:55 | 000,001,598 | ---- | C] () -- C:\Users\Bongo\Documents\photo.bru
[2012/06/24 12:35:05 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/24 12:33:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/23 19:11:58 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\AudioScore Ultimate Demo.lnk
[2012/06/23 14:42:44 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012/06/23 14:42:44 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1.lnk
[2012/06/21 10:10:49 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012/06/21 10:10:03 | 000,000,452 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/06/21 09:38:16 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/21 09:35:28 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/13 02:19:31 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2012/06/12 16:10:59 | 000,000,672 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/11 16:13:46 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Photo Recovery 3.0.1 Demo.lnk
[2012/06/11 12:25:46 | 000,000,872 | ---- | C] () -- C:\Users\Bongo\Desktop\Blu-ray Disc Suite.lnk
[2012/06/11 12:16:59 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2012/06/09 20:49:56 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/06/09 16:12:08 | 000,008,054 | ---- | C] () -- C:\Users\Bongo\Documents\Fixit50388.reg
[2012/06/09 13:13:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 11:49:47 | 000,000,774 | ---- | C] () -- C:\Users\Bongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/07 18:53:24 | 000,001,107 | ---- | C] () -- C:\Users\Bongo\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/07 18:52:06 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012/02/18 22:53:24 | 000,003,512 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2012/02/18 22:53:21 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2012/02/18 19:11:41 | 000,000,365 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/09/11 12:29:52 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011/09/11 12:29:51 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2011/09/08 15:01:02 | 000,001,024 | -HS- | C] () -- C:\Windows\System32\msi32e01.dat
[2011/08/24 11:54:57 | 000,200,872 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/01 00:58:19 | 000,000,275 | ---- | C] () -- C:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011/06/27 22:20:56 | 000,007,623 | ---- | C] () -- C:\Users\Bongo\AppData\Local\resmon.resmoncfg
[2011/06/24 13:20:18 | 000,212,992 | ---- | C] () -- C:\Windows\System32\NmUninst.exe
[2011/06/20 16:07:25 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/06/20 16:07:25 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/06/20 16:07:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/06/20 16:07:25 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/06/20 16:07:25 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/19 14:05:46 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2011/06/19 12:24:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/19 12:24:37 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2011/06/20 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\AVG10
[2011/10/16 12:03:30 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Babylon
[2011/07/26 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\BitZipper
[2012/06/09 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Canon
[2011/06/21 18:28:39 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/08 01:15:06 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\com.adobe.configurator2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/07/04 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\com.adobe.WidgetBrowser
[2011/08/18 23:58:01 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\EPSON
[2011/07/12 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\ERS Game Studios
[2011/08/06 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Garmin
[2011/07/26 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\HCM Updater
[2011/07/24 11:05:28 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Image-Line
[2012/05/27 19:03:44 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\KWorld Multimedia
[2011/08/09 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\NetMedia Providers
[2012/06/23 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Neuratron
[2012/06/09 21:00:14 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Nokia
[2012/06/09 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Nokia Suite
[2011/10/14 00:52:43 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\OpenCandy
[2012/06/12 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Origin
[2011/06/23 10:25:57 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\PC Suite
[2011/08/09 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Publish Providers
[2012/05/27 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Spotify
[2011/07/31 14:16:15 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/10 13:13:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Toontrack
[2012/02/19 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Vitova Ltd
[2012/07/05 00:41:17 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
William O Brien
Active Member
 
Posts: 5
Joined: July 5th, 2012, 4:19 pm

Re: Searchnu/406 removal

Unread postby melboy » July 8th, 2012, 5:36 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


Please post the contents of extras.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Searchnu/406 removal

Unread postby William O Brien » July 9th, 2012, 5:42 am

Hi Melboy, thanks for your reply. Before we go any further I have to inform you that I did a system restore, but I do not think that that cured the problem as the restore date was not old enough. Will you require me to run the OTL report again?

Regards, William
William O Brien
Active Member
 
Posts: 5
Joined: July 5th, 2012, 4:19 pm

Re: Searchnu/406 removal

Unread postby melboy » July 9th, 2012, 8:07 am

Yes please.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Searchnu/406 removal

Unread postby William O Brien » July 10th, 2012, 5:34 am

Hi OTL logfile as requested, cannot send extras.txt due to amount of characters.

OTL logfile created on: 10/07/2012 09:58:36 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bongo\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 55.31% Memory free
6.50 Gb Paging File | 4.87 Gb Available in Paging File | 75.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.81 Gb Total Space | 2.77 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive D: | 91.24 Gb Total Space | 71.68 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
Drive E: | 45.05 Gb Total Space | 35.59 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive F: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 6.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 93.37 Gb Total Space | 6.70 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
Drive I: | 37.27 Gb Total Space | 24.53 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive J: | 94.69 Gb Total Space | 64.51 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive K: | 7.47 Gb Total Space | 6.74 Gb Free Space | 90.20% Space Free | Partition Type: FAT32
Drive O: | 24.83 Gb Total Space | 9.09 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
Drive P: | 24.83 Gb Total Space | 8.27 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive Q: | 24.83 Gb Total Space | 7.88 Gb Free Space | 31.74% Space Free | Partition Type: NTFS

Computer Name: BONGO-PC | User Name: Bongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 09:53:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bongo\Downloads\OTL.exe
PRC - [2012/06/22 02:27:31 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/22 02:27:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/06/11 12:26:06 | 000,557,056 | ---- | M] (BitLeader) -- D:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/05/16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/04/22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/04/22 13:50:36 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/04/22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/10 04:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/03 18:18:02 | 012,997,488 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011/06/07 23:09:18 | 000,220,824 | ---- | M] () -- D:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/14 06:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- D:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/03/10 04:19:32 | 000,073,728 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/05/28 03:39:45 | 000,401,408 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2007/11/26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\Windows\System32\emaudsv.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 11:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 11:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 11:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 11:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 11:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 11:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 11:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/22 02:27:32 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/22 02:27:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/21 01:13:41 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/05/16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/05/16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/05/16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/05/16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/05/16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/05/16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/05/16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/05/16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/05/16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/05/16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/05/16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/05/16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/05/16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/05/16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/05/16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/05/16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/05/16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/05/16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/05/16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/05/16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- D:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/04/22 13:42:56 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/04/22 13:42:54 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/04/22 13:42:54 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- D:\Program Files\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- D:\Program Files\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
MOD - [2009/03/10 04:19:32 | 000,073,728 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe
MOD - [2003/09/10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\kwspnd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/06/22 02:27:31 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/09 13:13:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/22 15:19:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/07 23:09:18 | 000,220,824 | ---- | M] () [Auto | Running] -- D:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- D:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_876CFF6A)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/11/26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\Windows\System32\emaudsv.exe -- (emaudsv)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jvaegaty.sys -- (jvaegaty)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2012/07/10 09:26:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0826BFAB-6631-4AEA-A905-668598FB83EA}\MpKsl345fae8f.sys -- (MpKsl345fae8f)
DRV - [2012/06/21 01:13:41 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/06/20 11:15:44 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/09/13 14:25:29 | 000,582,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2011/09/13 14:25:29 | 000,135,296 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2011/07/01 12:56:01 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/07/01 12:55:37 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/07/01 12:55:28 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:50:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/11 16:29:50 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 16:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/12 05:19:20 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:19:25 | 000,114,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/04/29 09:34:20 | 000,449,408 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008/04/17 15:42:10 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/11 17:07:00 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/11/26 15:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emusba10.sys -- (emusba10)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3132.sys -- (SI3132)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7B B4 3A 80 2E CC 01 [binary data]
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D8409E70-8F1E-4E04-893C-9A8B65C1729E}&mid=&lang=en&ds=AVG&pr=fr&d=&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{99C31C52-5959-410E-B0B0-8E08270DE11A}: "URL" = http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=us
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bongo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bongo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/22 02:27:40 | 000,000,000 | ---D | M]

[2012/07/04 10:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bongo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/08 10:53:07 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Bongo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bongo\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

O1 HOSTS File: ([2012/02/27 11:34:48 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] D:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DataCardMonitor] D:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LGODDFU] D:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [MDS_Menu] D:\Program Files\Cyberlink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] D:\Program Files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] D:\Program Files\Cyberlink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] D:\Program Files\Cyberlink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [Center Agent] C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe ()
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files\KWorld MultiMedia\Afa Device Utilities\AFRCtl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05ADADC3-B528-4E4F-B7E9-1A4093BDB6F4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25E55B1-C587-42E6-A00F-7D1E7AFEFAEC}: NameServer = 149.254.230.7 149.254.192.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5012F87-0E1D-4A97-8300-DEDB017764A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/02/15 18:44:26 | 000,000,090 | ---- | M] () - K:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{6d8634f6-9a72-11e0-92c7-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{6d8634f6-9a72-11e0-92c7-001e8ce42bc1}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{8412013f-e127-11e0-9d33-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{8412014d-e127-11e0-9d33-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{8b90a8af-9a63-11e0-a3f3-bfc9d72340c7}\Shell - "" = AutoRun
O33 - MountPoints2\{8b90a8af-9a63-11e0-a3f3-bfc9d72340c7}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{acd9690c-aef6-11e0-a21a-001e8ce42bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{acd9690c-aef6-11e0-a21a-001e8ce42bc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 09:47:54 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/10 06:03:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/07/08 15:22:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/07/07 21:45:47 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/07 21:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/07 21:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/07/07 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\SpeedyPC Software
[2012/07/07 21:38:14 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\DriverCure
[2012/07/07 21:38:03 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/07 21:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/07 21:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/07/07 21:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/07/07 14:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\OTl Scan
[2012/07/05 09:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/07/04 11:39:28 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\com.adobe.WidgetBrowser
[2012/07/04 10:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar
[2012/07/04 10:54:25 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Desktop\Adobe Creative Suite 6 Master Collection Serial Codes Only[Team Nanban][TPB]
[2012/07/04 10:54:08 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Mozilla
[2012/07/04 09:24:50 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\NVIDIA
[2012/07/04 01:17:33 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\WinRAR
[2012/07/04 01:17:32 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/04 01:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/04 01:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/25 10:46:54 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Apple Computer
[2012/06/24 13:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
[2012/06/24 12:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/24 12:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/24 12:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/24 12:33:44 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Apple
[2012/06/24 12:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/24 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/24 00:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/23 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Neuratron
[2012/06/23 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\AudioScore Documents
[2012/06/23 19:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuratron
[2012/06/23 12:21:49 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Ilivid Player
[2012/06/22 11:27:45 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Pay
[2012/06/22 09:48:15 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\AVG Secure Search
[2012/06/22 00:32:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 00:32:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 00:31:31 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 00:31:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 00:31:31 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 00:31:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 00:31:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/21 10:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sibelius Software
[2012/06/21 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\Bongo\Documents\Scores
[2012/06/21 10:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2012/06/21 09:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/21 03:23:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/21 03:23:03 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/21 03:23:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/21 03:23:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/21 03:23:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/21 03:23:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/21 03:23:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/21 02:22:12 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/21 02:21:47 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/21 02:21:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/06/21 02:21:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/21 02:21:34 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/21 02:21:30 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/21 02:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/21 02:21:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/21 02:11:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/06/21 02:11:07 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/06/21 02:10:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/06/21 02:10:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/06/21 02:10:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/06/21 02:09:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/06/21 02:09:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/06/21 02:09:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/06/21 02:09:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/06/21 02:08:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/06/20 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Trusteer
[2012/06/20 11:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/06/20 11:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2012/06/20 11:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/06/20 10:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/20 10:54:05 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/20 10:53:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/20 10:53:28 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/13 02:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard Free Edition 5.5.1
[2012/06/12 16:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012/06/12 16:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/06/12 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012/06/12 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Origin
[2012/06/12 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Roaming\Origin
[2012/06/12 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/06/12 16:09:12 | 000,000,000 | ---D | C] -- C:\Users\Bongo\AppData\Local\Electronic Arts
[2012/06/12 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/06/12 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/06/11 16:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Photo Recovery 3.0.1 Demo
[2012/06/11 14:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
[2012/06/11 14:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Keys
[2012/06/11 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012/06/11 12:25:16 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 09:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000UA.job
[2012/07/10 09:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000Core.job
[2012/07/10 09:43:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 09:33:42 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 09:33:42 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/10 09:26:31 | 000,000,366 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/10 09:26:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 09:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/10 09:25:49 | 2616,107,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/10 09:23:38 | 000,008,054 | ---- | M] () -- C:\Users\Bongo\Documents\Fixit50388.reg
[2012/07/10 09:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 11:00:55 | 000,001,598 | ---- | M] () -- C:\Users\Bongo\Documents\photo.bru
[2012/06/24 12:35:05 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/24 00:13:11 | 003,804,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/23 19:11:58 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\AudioScore Ultimate Demo.lnk
[2012/06/23 14:42:44 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012/06/22 09:55:50 | 000,000,774 | ---- | M] () -- C:\Users\Bongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/21 10:20:37 | 000,000,624 | -H-- | M] () -- C:\Windows\System32\T4
[2012/06/21 10:10:57 | 000,000,452 | ---- | M] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/06/21 10:10:49 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012/06/21 09:38:16 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/21 09:35:13 | 007,450,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/21 09:35:13 | 003,518,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/17 20:46:31 | 000,007,623 | ---- | M] () -- C:\Users\Bongo\AppData\Local\resmon.resmoncfg
[2012/06/13 02:19:31 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2012/06/12 16:10:59 | 000,000,672 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/11 16:13:46 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Photo Recovery 3.0.1 Demo.lnk
[2012/06/11 12:32:07 | 000,000,872 | ---- | M] () -- C:\Users\Bongo\Desktop\Blu-ray Disc Suite.lnk
[2012/06/11 12:26:43 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2012/06/11 12:16:59 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 09:45:02 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000UA.job
[2012/07/10 09:45:01 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046707503-3007279315-2951142500-1000Core.job
[2012/06/28 11:00:55 | 000,001,598 | ---- | C] () -- C:\Users\Bongo\Documents\photo.bru
[2012/06/24 12:35:05 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/24 12:33:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/23 19:11:58 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\AudioScore Ultimate Demo.lnk
[2012/06/23 14:42:44 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012/06/23 14:42:44 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1.lnk
[2012/06/21 10:10:49 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012/06/21 10:10:03 | 000,000,452 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012/06/21 09:38:16 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/21 09:35:28 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/13 02:19:31 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Data Recovery Wizard Free Edition 5.5.1.lnk
[2012/06/12 16:10:59 | 000,000,672 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/06/11 16:13:46 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Photo Recovery 3.0.1 Demo.lnk
[2012/06/11 12:25:46 | 000,000,872 | ---- | C] () -- C:\Users\Bongo\Desktop\Blu-ray Disc Suite.lnk
[2012/06/11 12:16:59 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD_Advisor.lnk
[2012/02/18 22:53:24 | 000,003,512 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2012/02/18 22:53:21 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2012/02/18 19:11:41 | 000,000,366 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/09/11 12:29:52 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011/09/11 12:29:51 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2011/09/08 15:01:02 | 000,001,024 | -HS- | C] () -- C:\Windows\System32\msi32e01.dat
[2011/08/24 11:54:57 | 000,200,872 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/01 00:58:19 | 000,000,275 | ---- | C] () -- C:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011/06/27 22:20:56 | 000,007,623 | ---- | C] () -- C:\Users\Bongo\AppData\Local\resmon.resmoncfg
[2011/06/24 13:20:18 | 000,212,992 | ---- | C] () -- C:\Windows\System32\NmUninst.exe
[2011/06/20 16:07:25 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/06/20 16:07:25 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/06/20 16:07:25 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/06/20 16:07:25 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/06/20 16:07:25 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/19 14:05:46 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2011/06/19 12:24:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/19 12:24:37 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2011/06/20 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\AVG10
[2011/10/16 12:03:30 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Babylon
[2011/07/26 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\BitZipper
[2012/06/09 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Canon
[2011/06/21 18:28:39 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/08 01:15:06 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\com.adobe.configurator2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/07/04 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\com.adobe.WidgetBrowser
[2012/07/07 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\DriverCure
[2011/08/18 23:58:01 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\EPSON
[2011/07/12 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\ERS Game Studios
[2011/08/06 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Garmin
[2011/07/26 18:37:45 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\HCM Updater
[2011/07/24 11:05:28 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Image-Line
[2012/05/27 19:03:44 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\KWorld Multimedia
[2011/08/09 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\NetMedia Providers
[2012/06/23 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Neuratron
[2012/06/09 21:00:14 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Nokia
[2012/06/09 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Nokia Suite
[2011/10/14 00:52:43 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\OpenCandy
[2012/06/12 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Origin
[2011/06/23 10:25:57 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\PC Suite
[2011/08/09 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Publish Providers
[2012/07/07 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\SpeedyPC Software
[2012/05/27 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Spotify
[2011/07/31 14:16:15 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/10 13:13:47 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Toontrack
[2012/02/19 13:18:40 | 000,000,000 | ---D | M] -- C:\Users\Bongo\AppData\Roaming\Vitova Ltd
[2012/02/18 22:25:59 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
William O Brien
Active Member
 
Posts: 5
Joined: July 5th, 2012, 4:19 pm

Re: Searchnu/406 removal

Unread postby melboy » July 10th, 2012, 8:08 am

cannot send extras.txt due to amount of characters.
In this instance you may zip & attach the log using the forum's Upload Attachment feature.

melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Searchnu/406 removal

Unread postby William O Brien » July 11th, 2012, 5:03 am

For some reason or another when I try to browse to the extras file location there is no response when I click the browse button. Here is the text file.
OTL Extras logfile created on: 10/07/2012 09:58:36 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bongo\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 55.31% Memory free
6.50 Gb Paging File | 4.87 Gb Available in Paging File | 75.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.81 Gb Total Space | 2.77 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive D: | 91.24 Gb Total Space | 71.68 Gb Free Space | 78.56% Space Free | Partition Type: NTFS
Drive E: | 45.05 Gb Total Space | 35.59 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive F: | 3.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 6.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 93.37 Gb Total Space | 6.70 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
Drive I: | 37.27 Gb Total Space | 24.53 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive J: | 94.69 Gb Total Space | 64.51 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive K: | 7.47 Gb Total Space | 6.74 Gb Free Space | 90.20% Space Free | Partition Type: FAT32
Drive O: | 24.83 Gb Total Space | 9.09 Gb Free Space | 36.59% Space Free | Partition Type: NTFS
Drive P: | 24.83 Gb Total Space | 8.27 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive Q: | 24.83 Gb Total Space | 7.88 Gb Free Space | 31.74% Space Free | Partition Type: NTFS

Computer Name: BONGO-PC | User Name: Bongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found

[HKEY_USERS\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- Reg Error: Value error.
jsfile [print] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00399D0E-3B8A-416E-B3BB-EBA6DE347DC9}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F96DDE9-BFD8-4862-AB4F-045E1DE78475}" = lport=2869 | protocol=6 | dir=in | app=system |
"{113739F2-7817-4F9A-ACEF-457E9355B362}" = lport=10243 | protocol=6 | dir=in | app=system |
"{129D257E-ABF0-47D4-89EA-96DC7B021B1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BBE1595-7912-4131-84D7-CC78A6B78FE4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25E9C213-9A5F-4A2C-B174-F4A33C8BF019}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26507AB3-2D91-468F-9218-15982EC59FA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{28914BB5-B7D7-4555-A997-FB990FBAD7C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38436EAF-F85D-4FB5-A531-C4545CB2CDAD}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office12\outlook.exe |
"{453A19DA-9A69-434B-9A69-549E619090A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{475B7215-CA2E-42CD-BE47-E5DC893CE354}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E932584-2A84-4514-B3EC-87D3883301EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EEAE920-F684-47EB-A1FA-4A1DADE1971F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85A213CD-D342-41CE-A41D-6C4BEBEAD86D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D636B67-68BA-4298-A74D-055C52144129}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D8DA15C-D278-424B-A717-F25A57085BD0}" = lport=445 | protocol=6 | dir=in | app=system |
"{92E11D75-130B-4DB0-A2AE-1B124E8A96C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FC49A01-8349-45F2-9056-ECDF1D45244E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A29BBDAF-C5A4-46EE-9AE0-BECA7CDA33FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3DA42C9-90CC-4FE0-8266-C07659F3A822}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF21A462-1726-4020-92B5-A4A16D88C2FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB87358E-8FFE-4469-B02A-C0E4D2BD7F8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{E15D4E94-7F25-4A7B-A268-2A607BF24174}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F70E83B6-B54A-4FB9-939E-59811213A39D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E76EC8-3D80-432A-B303-5B84ADDB4278}" = protocol=17 | dir=in | app=c:\users\bongo\downloads\sweetimsetup.exe |
"{140EDF4F-DF1B-4722-B6A1-F8748EB8704C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2132ED3A-5AEA-42DB-8B7F-8CD3B5EE24F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21BFBB67-8EE5-4EFC-932F-39FDF05CA3C3}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{236D8BE1-DEDF-4E33-8FE2-3F0E1FB67113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23F404D2-5BAE-4477-BDF6-640DC8526CAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A6CB0B8-4B02-464D-A787-C9B3349A561B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B86FEFD-CD6D-4730-80F5-76D47A5F79AF}" = protocol=17 | dir=in | app=q:\games\halo2.exe |
"{4501E049-59DC-4DCD-84AE-4DA46B834E12}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{49E294C8-43F9-45AA-A4EA-AAA0C67C0E7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B8A6258-CB4E-4FB4-8CA5-B5E4EFA5E765}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{688A241B-EB3A-40D8-88D1-2582817C25CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68CE69A9-0C0E-4705-8E18-858C9BCB0A47}" = protocol=6 | dir=in | app=d:\program files\sibelius software\sibelius 6\regtool.exe |
"{6A1FE6C3-928E-45FC-85CA-3979C59DCDE2}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office12\onenote.exe |
"{6C0D58B7-7A43-4143-B79F-4226FB12153F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{73131968-CA71-4E42-9F1E-7939841A4E56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{73390B92-35F0-4214-BD32-421DE28C0161}" = dir=in | app=d:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{770114A0-45BB-4EBD-B7B0-65D8416CF3C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{798706DC-4DF1-46C4-9D32-4E6FE73A9C4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7C8591EC-1186-4C65-8EAB-295887A29FD1}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office12\onenote.exe |
"{7E1663C7-B308-49ED-A89E-74F355ACB611}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8442E492-89EB-448B-AEF5-41D178777474}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{857D2F5F-7FE4-476B-A0BC-6EDD7FA11AA1}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office12\groove.exe |
"{8D53A00D-B7E6-44F5-8D97-EC467C47EF1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95B5AF54-C255-4F5D-967F-E37F79E2EFDA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A87D0511-977F-4069-89E9-4910936792D5}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office12\groove.exe |
"{C8972D80-31D0-46AE-85B2-0F469E946F95}" = protocol=17 | dir=in | app=d:\program files\sibelius software\sibelius 6\regtool.exe |
"{CD774E46-C377-4C1A-A426-1093275A5613}" = protocol=6 | dir=in | app=d:\program files\sibelius software\sibelius 6\sibelius.exe |
"{CEADB828-E519-4C29-A978-BB8D056E524D}" = protocol=6 | dir=out | app=system |
"{D51A5B47-3D59-4CEE-A2FA-AE703BD810DD}" = protocol=6 | dir=in | app=q:\games\halo2.exe |
"{D5C469D5-0D47-49F4-A82B-EE132ED2699E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5CBC69E-584C-4999-956B-F1CB708131C6}" = dir=in | app=d:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{D75C0F16-11AC-478E-94E1-3FD65C5F5343}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E77634C5-EA83-4CF1-AC28-F2EB02F32087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEC022EF-76AD-43CB-897D-7C5AE94767DB}" = protocol=17 | dir=in | app=d:\program files\sibelius software\sibelius 6\sibelius.exe |
"{F0EA9105-1880-41C9-83F8-0F5B898461EB}" = protocol=6 | dir=in | app=c:\users\bongo\downloads\sweetimsetup.exe |
"{F3B49670-5D7F-4208-AB51-262650773EE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5823C0AE-0477-4AAB-89EE-589FDAA98E31}D:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{E6D6F10F-0837-4C6F-9C4C-D9CFF99ABC4F}C:\program files\kworld multimedia\hypermedia\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\kworld multimedia\hypermedia\liveupdate\liveupdate.exe |
"UDP Query User{AED5876D-F05B-47B8-A574-0FFAAB96B671}C:\program files\kworld multimedia\hypermedia\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\kworld multimedia\hypermedia\liveupdate\liveupdate.exe |
"UDP Query User{D3D5FCC5-3C32-487D-A58B-F2220D78A60E}D:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0562047E-BB70-4E41-BD33-978DAD28DB3A}" = MetaDMS Scan Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D007C7C-5813-4FDE-9E61-63A63DD1A0CD}" = Macrium Reflect - Free Edition
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C1575982-F1CA-46DC-A77D-43FF12F2EFC7}" = Adobe Photoshop Lightroom 4.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASIO4ALL" = ASIO4ALL
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Creative Centrale" = Creative Centrale
"EaseUS Data Recovery Wizard Free Edition 5.5.1_is1" = EaseUS Data Recovery Wizard Free Edition 5.5.1
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.0.1 Professional
"EASEUS Photo Recovery 3.0.1 Demo_is1" = EASEUS Photo Recovery 3.0.1 Demo
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FL Studio 10" = FL Studio 10
"HyperMedia_is1" = HyperMedia Software
"HyperMediaCenter 3.6_is1" = HyperMediaCenter 3.6
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KWorld Afa Device Utilities_is1" = KWorld Multimedia -- Afa Device Utilities
"KWorld DVB-T USB BDA Driver_is1" = KWorld DVB-T USB BDA Driver
"KWorld USB DVB-T BDA Driver_is1" = KWorld USB DVB-T BDA Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NetMos Technology" = NetMos Multi-IO Controller
"Neuratron AudioScore Ultimate Demo" = Neuratron AudioScore Ultimate Demo
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Origin" = Origin
"Rapport_msi" = Rapport
"Recover Keys_is1" = Recover Keys
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3046707503-3007279315-2951142500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/07/2012 07:47:37 | Computer Name = Bongo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/07/2012 14:12:29 | Computer Name = Bongo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 07/07/2012 14:12:29 | Computer Name = Bongo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 07/07/2012 14:32:22 | Computer Name = Bongo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 07/07/2012 14:32:22 | Computer Name = Bongo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 08/07/2012 06:00:27 | Computer Name = Bongo-PC | Source = VSS | ID = 8194
Description =

Error - 08/07/2012 06:00:35 | Computer Name = Bongo-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary MpKsl2fc4b974. System Error: The system cannot find the file specified.
.

Error - 08/07/2012 06:06:07 | Computer Name = Bongo-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary MpKsl2fc4b974. System Error: The system cannot find the file specified.
.

Error - 08/07/2012 10:22:32 | Computer Name = Bongo-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary MpKsl2fc4b974. System Error: The system cannot find the file specified.
.

Error - 09/07/2012 23:03:12 | Computer Name = Bongo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\asio4all
v2\a4apanel64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/07/2012 23:04:06 | Computer Name = Bongo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 08/07/2012 08:25:25 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 13:25:07 - Error connecting to the internet. 13:25:07 - Internet
connection not configured.. 13:25:07 - Error connecting to the internet. 13:25:07
- Unable to contact server..

Error - 08/07/2012 09:25:39 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 14:25:25 - Error connecting to the internet. 14:25:25 - Internet
connection not configured.. 14:25:25 - Error connecting to the internet. 14:25:25
- Unable to contact server..

Error - 09/07/2012 19:53:06 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 00:53:05 - Error connecting to the internet. 00:53:05 - Internet
connection not configured.. 00:53:05 - Error connecting to the internet. 00:53:05
- Unable to contact server..

Error - 09/07/2012 20:01:17 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 00:53:06 - Error connecting to the internet. 00:53:06 - Internet
connection not configured.. 00:53:06 - Error connecting to the internet. 00:53:06
- Unable to contact server..

Error - 09/07/2012 21:02:20 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 02:02:20 - Error connecting to the internet. 02:02:20 - Internet
connection not configured.. 02:02:20 - Error connecting to the internet. 02:02:20
- Unable to contact server..

Error - 09/07/2012 21:18:23 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 02:02:25 - Error connecting to the internet. 02:02:25 - Internet
connection not configured.. 02:02:25 - Error connecting to the internet. 02:02:25
- Unable to contact server..

Error - 09/07/2012 22:18:27 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 03:18:27 - Error connecting to the internet. 03:18:27 - Internet
connection not configured.. 03:18:27 - Error connecting to the internet. 03:18:27
- Unable to contact server..

Error - 09/07/2012 22:18:56 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 03:18:27 - Error connecting to the internet. 03:18:27 - Internet
connection not configured.. 03:18:27 - Error connecting to the internet. 03:18:27
- Unable to contact server..

Error - 09/07/2012 23:19:02 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 04:19:02 - Error connecting to the internet. 04:19:02 - Internet
connection not configured.. 04:19:02 - Error connecting to the internet. 04:19:02
- Unable to contact server..

Error - 09/07/2012 23:21:22 | Computer Name = Bongo-PC | Source = MCUpdate | ID = 0
Description = 04:19:02 - Error connecting to the internet. 04:19:02 - Internet
connection not configured.. 04:19:02 - Error connecting to the internet. 04:19:02
- Unable to contact server..

[ OSession Events ]
Error - 30/06/2011 18:50:11 | Computer Name = Bongo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/10/2011 20:38:42 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 06/10/2011 08:50:56 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 06/10/2011 19:07:35 | Computer Name = Bongo-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume C: were aborted during detection.

Error - 06/10/2011 19:08:18 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 07/10/2011 05:40:32 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 08/10/2011 06:24:44 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 08/10/2011 11:43:46 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 08/10/2011 20:03:25 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 08/10/2011 20:08:05 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM

Error - 08/10/2011 20:11:12 | Computer Name = Bongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tcpipBM


< End of report >
William O Brien
Active Member
 
Posts: 5
Joined: July 5th, 2012, 4:19 pm

Re: Searchnu/406 removal

Post by melboy » July 11th, 2012, 3:00 pm

Hello William.

You have Microsoft Office Enterprise 2007 installed. May I ask how you obtained the software?

MGADiag

Download the diagnostic tool MGADiag and save it to your desktop.

  • Double-click on MGADiag.exe.
  • Click Run and Run again.
  • Click Continue, then Copy.
  • Paste the report in your next reply.



CKScanner

Download CKScanner from here. Important - Save it to your desktop.

Please Run the program only once.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Searchnu/406 removal

Post by William O Brien » July 11th, 2012, 6:43 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {0723EA18-303B-46C8-9D9D-69C70BFDD2AE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0723EA18-303B-46C8-9D9D-69C70BFDD2AE}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3046707503-3007279315-2951142500</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS StrikerExtreme ACPI BIOS Revision 2002</Version><SMBIOSVersion major="2" minor="4"/><Date>20100301000000.000000+000</Date></BIOS><HWID>F19E3807018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>BFA1BA7EE2576D0</Val><Hash>iLPK0PGebwERsvMynySEIjfD6zM=</Hash><Pid>81599-872-2968253-65219</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-2057-7600.0000-1702011
Installation ID: 007770639204879281894692722583254243437036692166286350
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 11/07/2012 23:34:08

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:7:2012 23:41
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIAAgABAAEAAgABAAAABAABAAEA6GGgeXZQ4r2SAKw7yPD6MZr1BnsX6EaGWJY6GwhgKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC Nvidia ASUSACPI
FACP Nvidia ASUSACPI
HPET Nvidia ASUSACPI
MCFG Nvidia ASUSACPI
SSDT Nvidia ASUSACPI
SLIC ACRSYS ACRPRDCT


CKScanner - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.NA.11.HFABBS
----- EOF -----
William O Brien
Active Member
 
Posts: 5
Joined: July 5th, 2012, 4:19 pm

Re: Searchnu/406 removal

Post by Gary R » July 12th, 2012, 1:35 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire