Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need to remove Virus need computer for school asap


  • This topic is locked This topic is locked

#1
MANOFKRYPTON

MANOFKRYPTON

    New Member

  • Member
  • Pip
  • 1 posts
Hello to all and thank you for your volunteer time.

I have a virus that redirects all of my online searches on search engines. There are no pop-ups or porn just more time wasted while trying to get through the last week of school. I have Maleware Bytes free and the paid full AVG 9.0 Subscription on my computer. I can run both, AVG finds the virus Malware will not detect the virus.

Note: The name of the virus is Trojan Horse Cryptic.BWD

Here is my OTL report:

OTL logfile created on: 5/9/2011 2:48:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 152.33 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.77 Gb Free Space | 16.20% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RALPH | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 14:47:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe.com
PRC - [2011/05/09 13:14:05 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/05/09 13:14:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/05/09 13:14:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2011/05/09 13:14:05 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/05/09 13:14:05 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/05/09 13:14:05 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/05/09 13:14:05 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/05/09 13:14:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/05/07 08:04:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/29 02:18:49 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 08:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 14:47:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe.com
MOD - [2011/05/09 13:14:47 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/05/09 13:14:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/05/09 13:14:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/10/06 08:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 13:14:46 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/05/09 13:14:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/05/09 13:14:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/05/09 13:14:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/29 06:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 08:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 18:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.lds.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/05/09 13:14:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/05/09 13:14:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 08:04:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 08:04:43 | 000,000,000 | ---D | M]

[2010/11/18 17:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/05/07 08:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\sj3595ip.default\extensions
[2010/11/19 13:59:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\sj3595ip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 08:05:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\sj3595ip.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/18 12:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 13:16:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/18 12:36:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/07 08:04:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/07 08:04:41 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ignfgfo] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.229.34.121 137.229.34.137
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 14:47:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe.com
[2011/05/09 14:32:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
[2011/05/09 13:55:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/09 13:14:47 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011/05/09 13:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
[2011/05/09 13:14:46 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011/05/09 13:14:45 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/05/09 13:14:36 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/05/09 13:14:35 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/05/09 13:14:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2011/05/09 13:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/05/09 13:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2011/04/23 08:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/23 08:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 08:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/10 18:03:43 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll
[2011/04/10 18:03:43 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll
[2011/04/10 18:03:43 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll
[2011/04/10 18:03:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll
[2011/04/10 18:03:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll
[2011/04/10 18:03:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll
[2011/04/10 18:03:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll
[2011/04/10 18:03:43 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Downloads\Documents\*.tmp files -> C:\Users\Owner\Downloads\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 14:48:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-217932776-3245697268-3369205918-1000UA.job
[2011/05/09 14:47:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe.com
[2011/05/09 14:29:10 | 000,293,775 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
[2011/05/09 13:33:24 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/05/09 13:32:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 13:32:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 13:32:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 13:32:44 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 13:17:17 | 075,787,241 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/09 13:14:47 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011/05/09 13:14:47 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011/05/09 13:14:46 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011/05/09 13:14:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/05/09 13:14:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/05/09 13:14:35 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011/05/09 13:14:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/05/09 11:50:02 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/05/09 11:50:02 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/08 00:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-217932776-3245697268-3369205918-1000Core.job
[2011/05/03 11:02:27 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/04/25 22:18:16 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/25 22:18:16 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/23 09:47:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/04/23 08:29:06 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/22 09:36:32 | 000,007,052 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/04/14 08:47:23 | 000,307,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Downloads\Documents\*.tmp files -> C:\Users\Owner\Downloads\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 14:29:05 | 000,293,775 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
[2011/05/09 13:14:47 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011/05/09 13:14:35 | 075,787,241 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/09 13:14:35 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011/05/07 08:04:43 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/23 08:29:06 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/22 14:42:49 | 000,007,052 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/11/18 23:19:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/18 23:19:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/18 17:18:02 | 000,026,112 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/17 12:09:20 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/04/22 06:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 12:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 12:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/29 06:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,307,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/11/18 09:18:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/03/03 21:39:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NJStar
[2011/05/09 14:43:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/05/09 12:21:12 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/01/08 02:58:02 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰨΧ
[2011/01/08 02:58:02 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰨΧ

< End of report >

OTL Extras logfile created on: 5/9/2011 2:48:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 152.33 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.77 Gb Free Space | 16.20% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RALPH | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B6B266-441B-442E-AC7F-F5092FD969B3}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D985764-F909-4FB0-B218-EBDC58DFCC85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{204B412F-463F-453A-92D6-BF4856271F49}" = lport=139 | protocol=6 | dir=in | app=system |
"{2173A23B-435C-4D49-B487-8727054C6316}" = lport=445 | protocol=6 | dir=in | app=system |
"{2222DE71-7DE1-4297-A175-FA7D74FD32EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28A3A864-230F-4921-9352-9FBFBCC2C6B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C1F0163-5496-41B4-8051-B328ED6FDEF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{30BCE0F6-D8B3-4F1C-8A08-EC933BA0CBBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40984B83-8412-46D9-B568-C85165176DFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4FA9D79C-679F-4618-8FD7-8B647BA56258}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{52D7D52E-FEE1-4EA1-B6D1-2FCE443C7660}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{736CE4FD-0273-4890-A7D9-64982AD58678}" = rport=10243 | protocol=6 | dir=out | app=system |
"{87363C95-F493-47E6-89A1-D15C8AD7BE40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2CBF53D-32AF-44E6-8F1B-0AF82D9ABE2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{B04BE6F7-A931-43E8-BEE1-E92F957AA15A}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4870188-238D-445A-B0CA-A57F01E99FA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B69081B1-872B-4287-BA10-F2E2579876BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D210EC55-B77D-4E3D-9189-D54A82524124}" = rport=445 | protocol=6 | dir=out | app=system |
"{DD7138F4-5204-4B8E-A781-C27DC5621055}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{152D1F08-360B-4485-8D34-7FFAD465336F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16D79E9F-ABA0-4447-A854-FBB0C78D1535}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\detection\launcher.exe |
"{1C4E66B5-7B50-4613-BFA9-5CDED37549BC}" = protocol=1 | dir=in | [email protected],-28543 |
"{25CCD0E3-089E-4A29-9B2A-A3A3E795E13A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{29F2316B-495D-4191-8859-9C02805802C5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\detection\launcher.exe |
"{2BCDAA0A-DE3B-4B3D-BB97-9ECE00DCFAD4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{2D643C46-D6FE-44D9-BAEA-2AD576509C70}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D85EF63-4AB5-4D74-9241-D6BC6D0B537D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{306E53FE-D924-46FC-8814-DFEEBE93DA59}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{34D474D0-31F3-4601-B1FC-012F3077537C}" = protocol=58 | dir=in | [email protected],-28545 |
"{368CEA95-78B0-46D7-A931-AFBF7B9CEFB0}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{3DAA23D2-0787-4F29-A593-AE1A012F501A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E2B5D44-9AB6-43A5-88B3-57B776041DE7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\yeti_final_win32.exe |
"{4C7319FA-DBB3-4A3A-8514-C993D3A2FF0D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{572489B2-854C-4029-A275-AB1FC4034E38}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5AC49F6F-FDD2-4220-AFA5-BE0B0ADEEAA1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5EDD18D5-BD8D-48A9-8BD1-3A72C7A1611F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6132C566-BF96-4177-9427-BE8AE0F4BFE4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BA2A220-2B47-4675-9AFE-E57913A54EFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{713C2F0F-1929-471A-941A-8B4AC28D926E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D5C2548-8A16-455C-9421-D77F30105B92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D94FD83-6FB3-4503-9352-AFC926FEB8E0}" = protocol=58 | dir=out | [email protected],-203 |
"{7DD0C2B5-B5DD-4C06-9005-AD0A89CE5004}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88189F51-7C84-435F-AFEE-9D8D8E3D8DD7}" = protocol=58 | dir=in | app=system |
"{8E16610A-9B2F-432B-AB65-6B4E6E220F45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9593BDA7-0314-46FC-BAF3-67FEC47266C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C4EDADF-86A3-474C-B8C7-597BE02D3350}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DE52564-B974-4B94-9832-035107D97D1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2EC0635-4C7E-4228-B09C-2BCFC1D7AE09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A66E5C7D-6AF4-41E5-87BA-934CCE7F66CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A731221D-1C6F-481F-A9A8-A0349F3DD7CC}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{AB94ABC1-4EBF-45BD-8929-49FE0B65EDC5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B24339A5-0E3A-48B4-87FE-AFE76ACABF8E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\gu.exe |
"{B5D54D62-DA15-4CE9-AED4-4A8A0A74965B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\lost via domus\yeti_final_win32.exe |
"{BED66C9C-6770-4A6C-BFE8-39D37D83369C}" = protocol=6 | dir=out | app=system |
"{BEFBBBD4-B188-402A-94A7-F303F8D60699}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{BF51BF0B-F020-4653-AC58-84C8A7D154DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD6D79A6-4C3F-4CA7-8EC0-657A9217906E}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{D00D7D09-28E6-43DA-9ADE-F3C079C4F890}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{D39A4B3D-62D4-4370-80E2-669A35C1E679}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{D5D5B143-00F2-4A86-8F18-C3A93485E480}" = protocol=17 | dir=in | app=c:\program files\ubisoft\lost via domus\gu.exe |
"{DA5F64FE-C054-4734-9F2C-202C156F8748}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E0910E95-4685-47E5-9449-FDA457033D8A}" = protocol=58 | dir=out | [email protected],-28546 |
"{E3A3949C-E165-4483-9325-A976AA239414}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EBA5B96F-2630-4DA3-9384-2F0A58F29176}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDB68D8A-1DD7-4B6A-BCEC-BC919F10656B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EE3F57D8-036C-46C7-8A8F-C56F0382FF84}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F13A03E5-5D62-4D5B-B07C-4F9DD703E0D4}" = protocol=1 | dir=out | [email protected],-28544 |
"{FB8C5504-3FF2-4130-8E34-87B941AC3091}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FFE6773A-6308-4241-B1D1-91747A4ADF1D}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"HDMI" = Intel® Graphics Media Accelerator Driver
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV The Gathering Storm
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NJStar Chinese WP" = NJStar Chinese WP
"PageRage Toolbar" = PageRage Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2011 1:50:22 PM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2011 1:15:45 AM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2011 1:31:15 AM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2011 5:59:56 PM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/6/2011 10:15:52 PM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2011 12:52:44 AM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2011 3:21:48 PM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2011 3:23:46 PM | Computer Name = Ralph | Source = Application Hang | ID = 1002
Description = The program HPAdvisor.exe version 2.4.4941.2798 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ce0 Start Time: 01cc0cec02851e69 Termination Time: 18

Error - 5/7/2011 9:10:04 PM | Computer Name = Ralph | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2011 10:44:22 PM | Computer Name = Ralph | Source = Application Hang | ID = 1002
Description = The program QP.exe version 3.7.0.5723 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f70 Start Time: 01cc0d2939a131cc Termination Time: 1988

[ Media Center Events ]
Error - 4/13/2011 9:34:18 PM | Computer Name = Ralph | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 1/15/2011 11:56:12 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:17 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:21 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:26 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:31 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:36 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:41 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:45 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:50 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/15/2011 11:56:55 PM | Computer Name = Ralph | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

Again thanks in advance!!

Ralph
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, MANOFKRYPTON! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Sorry for the delay.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP