Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspect virus, malware, etc. intrusion

Started by JohnGo , May 19 2011 07:55 AM

  • This topic is locked This topic is locked

#1
JohnGo
Posted 19 May 2011 - 07:55 AM

JohnGo

    Member

  • Member
  • PipPipPip
  • 339 posts
Hello, I would very much appreciate some help to get my computer working again. It is an hp pavilion zv5000. The operating system is XP Home edition ServicePack 3. The hard drive is 60gb with about 35gb free. There is 640mb ram.

The computer was being used for college work by my daughter so I havent't seen it for awhile until she brought it home. I have checked it out and find that it's very slow, taking several minutes to open programs, go on line, etc.

At first when it slowly booted up, the desktop icons would appear but the background would not appear. It would show a white background. An error message pops up saying "error loading C:\windows\mrmspg.dll special module could not be found". Click "ok" and the message goes away and the computer comes up.

I then ran antivirus, malwarebytes, and ad-aware. They found 5 virus, some of which were trojans. Those were eliminated but the computer is still too slow. I am using another computer for this consultation. What can I do next?
  • 0

Advertisements

#2
maliprog
Posted 23 May 2011 - 01:07 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello JohnGo and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please download ResetDMA from the link bellow. You must right click on the link and choose Save as.... Save it as resetdma.vbs on your desktop

ResetDMA

Double click it to run it.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in separate post
  • 0

#3
JohnGo
Posted 23 May 2011 - 07:59 PM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
It will not run ResetDMA. It gives a "Program Start message" saying this program will now reset the dma status of all ATA drives with windows drivers. Windows will redetect the status after the next reboot, therefore this procedure should be harmless.

I click OK and this message appears: "Program finished normally" The following ATA channels have been reset: Master of primary IDE channel; Master of secondary IDE channel; Please reboot now to reset and redetect the DMA status.

After reboot, I tried to run again and this time after I click OK, it gives a message "Program finished normally" No resettable ATA channels with windows drivers found therefore nothing changed.

Another attempt to run ResetDMA yields the same results with the same messages.
  • 0

#4
maliprog
Posted 23 May 2011 - 11:38 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi JohnGo,

You did it first time right. It has reseted your ATA Channels and your system should be a lot faster now. What do say? Is it faster and what problems do you have now?
  • 0

#5
JohnGo
Posted 24 May 2011 - 07:25 AM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
When it boots up to desktop, a message pops up "RUNDLL Error loading C:\windows\mrmspg.dll. The specified module could not be found". I can click OK and the message goes away.

I can go to your site (forum) but it takes minutes instead of seconds. After the forum page opens it takes awhile for the graphics to appear. It takes 2+ minutes to open MY COMPUTER. Takes 1:39 to open NETWORK CONNECTIONS, etc.

It is very slow navigating the internet. I have a desktop computer sitting beside the problem laptop and both are running on wifi. The PC acts normally on the internet.
  • 0

#6
maliprog
Posted 24 May 2011 - 07:40 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Can you run OTL scan as instructed in Step 2 and post log here for me.
  • 0

#7
JohnGo
Posted 24 May 2011 - 08:48 AM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
I don't believe it created a OTL Extras Log.

OTL logfile created on: 5/24/2011 9:23:15 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.98 Mb Total Physical Memory | 342.52 Mb Available Physical Memory | 53.60% Memory free
1.52 Gb Paging File | 0.98 Gb Available in Paging File | 64.25% Paging File free
Paging file location(s): C:\pagefile.sys 957 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.41 Gb Free Space | 61.58% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
PRC - [2011/05/09 20:12:36 | 004,350,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/27 10:57:18 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/27 10:57:17 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/17 10:31:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/27 22:30:12 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2004/08/19 14:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/27 10:57:17 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2005/12/27 22:30:12 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/02/26 20:33:46 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2005/12/27 22:30:12 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/11/16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2005/06/16 07:17:54 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/05/19 15:48:24 | 000,070,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2004/08/24 06:19:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/14 12:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 17:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/23 10:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/03/08 15:40:10 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = úp’w
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ë

========== FireFox ==========

FF - prefs.js..network.proxy.autoconfig_url: "ë"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/03/03 11:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/03/03 11:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/18 22:03:39 | 000,000,000 | ---D | M]

[2010/02/20 20:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3oxsylyo.default\extensions
[2007/11/29 10:28:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3oxsylyo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/11/29 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 11:14:51 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/03 11:14:52 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/03 11:14:52 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Ireqekifenifij] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 06:58:23 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 09:20:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2011/05/23 18:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\My eMusic
[2011/05/18 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/18 21:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/18 21:00:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/24 08:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 08:03:44 | 115,858,167 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/24 08:00:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/24 08:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2011/05/24 08:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/05/24 07:49:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/24 07:49:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 07:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/23 20:23:58 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\John\Desktop\resetdma.vbs
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/23 18:57:05 | 000,653,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/23 18:41:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/05/19 07:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/05/18 22:28:22 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/05/18 22:12:27 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/18 22:03:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/05/18 22:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/18 21:01:50 | 000,014,364 | ---- | M] () -- C:\Documents and Settings\John\My Documents\cc_20110518_210127.reg
[2011/05/18 20:58:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/18 19:05:38 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/14 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/11 21:30:05 | 000,380,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/11 21:30:05 | 000,052,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/29 00:47:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 20:23:58 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\John\Desktop\resetdma.vbs
[2011/05/18 22:03:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/18 21:01:33 | 000,014,364 | ---- | C] () -- C:\Documents and Settings\John\My Documents\cc_20110518_210127.reg
[2010/04/01 22:00:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/07 12:41:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
[2009/11/27 16:38:55 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/08/10 07:29:03 | 000,002,580 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/06/29 23:12:39 | 000,003,472 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/23 22:27:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/23 22:27:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/17 20:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/04/09 17:07:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/18 22:20:10 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/02/18 22:20:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2007/02/18 22:20:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe
[2007/02/09 17:44:51 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/02/09 16:48:13 | 000,000,609 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/01/31 21:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/30 09:20:47 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/12/29 09:02:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/12/26 10:56:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/26 10:56:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/26 10:56:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/26 10:56:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/26 10:56:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/26 10:56:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/29 22:17:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/21 18:49:51 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/04/05 18:17:09 | 000,002,292 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2006/04/05 18:16:11 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/04/04 22:58:57 | 000,001,300 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/04/01 19:03:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2005/11/09 19:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2005/11/09 19:28:46 | 000,000,583 | ---- | C] () -- C:\WINDOWS\A4_464.INI
[2005/11/09 18:51:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/11/09 18:49:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/11/09 18:49:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/08/26 16:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/08/16 12:38:00 | 000,001,825 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2005/05/24 07:31:09 | 000,405,588 | ---- | C] () -- C:\WINDOWS\System32\vc6-stlport-re300l.dll
[2005/05/24 07:08:49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/03/29 21:06:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/03/15 18:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2005/03/15 18:38:11 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2005/03/15 18:38:11 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2005/03/15 18:38:11 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2005/03/15 18:38:11 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2005/03/15 18:38:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/03/11 14:21:06 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/03/11 10:58:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 10:48:14 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/11 09:36:33 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2005/03/11 08:40:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2004/11/18 20:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 20:46:54 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 20:36:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/07 08:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:30 | 000,380,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 08:10:30 | 000,052,962 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 08:10:08 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:02:54 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 07:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 07:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/25 17:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/25 17:53:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/03/16 02:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2003/08/28 11:47:40 | 000,396,800 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/27 15:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/18 22:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/26 19:23:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/11 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/12 08:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/05/18 21:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2004/11/18 21:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/08/24 08:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/09 19:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/08/18 18:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2009/01/05 18:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/17 20:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/11/27 15:23:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/11/27 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Any Video Converter
[2010/12/26 19:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVG10
[2008/06/23 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Axara
[2006/05/24 00:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ClipMagic
[2008/08/31 12:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\CoffeeCup Software
[2005/08/19 13:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Common Files
[2010/03/03 11:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\eMusic
[2007/04/02 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\InterVideo
[2005/03/16 16:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2008/09/04 18:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LimeWire
[2010/12/29 21:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MyPhotos
[2005/04/15 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NetMedia Providers
[2005/11/09 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NewSoft
[2005/11/10 23:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NSBackup
[2008/08/08 20:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OfficeGuardian
[2005/04/15 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Publish Providers
[2005/05/08 22:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Smith Micro
[2005/04/15 21:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sony
[2005/03/11 09:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2009/10/18 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Thomson Learning
[2009/10/18 11:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Wal-Mart Digital Photo Viewer
[2011/04/08 14:31:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/04/29 00:47:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/05/18 22:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/04/15 00:24:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/05/19 07:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/05/24 08:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/04/15 00:24:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011/05/24 08:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/05/14 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/05/24 08:00:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

< End of report >
  • 0

#8
maliprog
Posted 24 May 2011 - 09:15 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please test your system after these two steps and let me know results.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = úp’w
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ë
    FF - prefs.js..network.proxy.autoconfig_url: "ë"
    FF - prefs.js..network.proxy.type: 2
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] File not found
    O4 - HKCU..\Run: [Ireqekifenifij] File not found
    O4 - HKLM..\Run: [DXDllRegExe] File not found
    O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe /pdf_English
    O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe /pdf_French
    O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe /pdf_Spanish

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • AVP log
It would be helpful if you could post each log in separate post
  • 0

#9
JohnGo
Posted 24 May 2011 - 01:32 PM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
Note: I cannot locate the 2nd OTL log (step 1. It didnot go to desktop. Should I run it again?



AVTool Kaspersky:

OTL logfile created on: 5/24/2011 9:23:15 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.98 Mb Total Physical Memory | 342.52 Mb Available Physical Memory | 53.60% Memory free
1.52 Gb Paging File | 0.98 Gb Available in Paging File | 64.25% Paging File free
Paging file location(s): C:\pagefile.sys 957 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 34.41 Gb Free Space | 61.58% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
PRC - [2011/05/09 20:12:36 | 004,350,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/27 10:57:18 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/27 10:57:17 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/17 10:31:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/27 22:30:12 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2004/08/19 14:50:18 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/27 10:57:17 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2005/12/27 22:30:12 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2002/09/20 18:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/02/26 20:33:46 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2005/12/27 22:30:12 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/11/16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2005/06/16 07:17:54 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/05/19 15:48:24 | 000,070,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2004/08/24 06:19:00 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 13:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/04/14 12:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 17:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/23 10:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 22:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/08 19:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/23 10:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 19:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/03/08 15:40:10 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = úp’w
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ˆ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ë

========== FireFox ==========

FF - prefs.js..network.proxy.autoconfig_url: "ë"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/03/03 11:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/03/03 11:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/18 22:03:39 | 000,000,000 | ---D | M]

[2010/02/20 20:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3oxsylyo.default\extensions
[2007/11/29 10:28:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\3oxsylyo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/11/29 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 11:14:51 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/03 11:14:52 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/03 11:14:52 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Ireqekifenifij] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\psc1350\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 06:58:23 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 09:20:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2011/05/23 18:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\My eMusic
[2011/05/18 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/18 21:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/18 21:00:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/24 09:20:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.scr
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/24 08:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 08:03:44 | 115,858,167 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/24 08:00:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/24 08:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2011/05/24 08:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/05/24 07:49:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/24 07:49:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 07:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/23 20:23:58 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\John\Desktop\resetdma.vbs
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/23 18:57:05 | 000,653,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/23 18:41:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/05/19 07:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/05/18 22:28:22 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/05/18 22:12:27 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/18 22:03:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/05/18 22:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/18 21:01:50 | 000,014,364 | ---- | M] () -- C:\Documents and Settings\John\My Documents\cc_20110518_210127.reg
[2011/05/18 20:58:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/18 19:05:38 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/14 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/11 21:30:05 | 000,380,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/11 21:30:05 | 000,052,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/29 00:47:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 20:23:58 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\John\Desktop\resetdma.vbs
[2011/05/18 22:03:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/18 21:01:33 | 000,014,364 | ---- | C] () -- C:\Documents and Settings\John\My Documents\cc_20110518_210127.reg
[2010/04/01 22:00:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/07 12:41:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
[2009/11/27 16:38:55 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/08/10 07:29:03 | 000,002,580 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/06/29 23:12:39 | 000,003,472 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/23 22:27:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/23 22:27:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/17 20:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/04/09 17:07:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/18 22:20:10 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/02/18 22:20:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2007/02/18 22:20:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe
[2007/02/09 17:44:51 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/02/09 16:48:13 | 000,000,609 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/01/31 21:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/30 09:20:47 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/12/29 09:02:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/12/26 10:56:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/26 10:56:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/26 10:56:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/26 10:56:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/26 10:56:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/26 10:56:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/29 22:17:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/21 18:49:51 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/04/05 18:17:09 | 000,002,292 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2006/04/05 18:16:11 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/04/04 22:58:57 | 000,001,300 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/04/01 19:03:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2005/11/09 19:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2005/11/09 19:28:46 | 000,000,583 | ---- | C] () -- C:\WINDOWS\A4_464.INI
[2005/11/09 18:51:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/11/09 18:49:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/11/09 18:49:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/08/26 16:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/08/16 12:38:00 | 000,001,825 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2005/05/24 07:31:09 | 000,405,588 | ---- | C] () -- C:\WINDOWS\System32\vc6-stlport-re300l.dll
[2005/05/24 07:08:49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/03/29 21:06:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/03/15 18:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2005/03/15 18:38:11 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2005/03/15 18:38:11 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2005/03/15 18:38:11 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2005/03/15 18:38:11 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2005/03/15 18:38:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/03/11 14:21:06 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/03/11 10:58:48 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 10:48:14 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/11 09:36:33 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2005/03/11 08:40:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2004/11/18 20:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/18 20:46:54 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/18 20:36:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/07 08:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:30 | 000,380,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 08:10:30 | 000,052,962 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 08:10:08 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:02:54 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 07:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 07:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/25 17:53:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/25 17:53:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/03/16 02:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2003/08/28 11:47:40 | 000,396,800 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/27 15:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/18 22:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/26 19:23:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/11 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/12 08:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/05/18 21:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2004/11/18 21:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/08/24 08:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/09 19:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/08/18 18:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2009/01/05 18:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/17 20:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/11/27 15:23:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/11/27 20:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Any Video Converter
[2010/12/26 19:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVG10
[2008/06/23 22:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Axara
[2006/05/24 00:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ClipMagic
[2008/08/31 12:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\CoffeeCup Software
[2005/08/19 13:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Common Files
[2010/03/03 11:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\eMusic
[2007/04/02 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\InterVideo
[2005/03/16 16:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2008/09/04 18:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LimeWire
[2010/12/29 21:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MyPhotos
[2005/04/15 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NetMedia Providers
[2005/11/09 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NewSoft
[2005/11/10 23:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NSBackup
[2008/08/08 20:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OfficeGuardian
[2005/04/15 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Publish Providers
[2005/05/08 22:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Smith Micro
[2005/04/15 21:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sony
[2005/03/11 09:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2009/10/18 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Thomson Learning
[2009/10/18 11:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Wal-Mart Digital Photo Viewer
[2011/04/08 14:31:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/04/29 00:47:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/05/18 22:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/04/15 00:24:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/05/19 07:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/05/24 08:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/05/14 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/04/15 00:24:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/04/29 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/02/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2011/02/05 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/12/08 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011/05/24 08:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011/05/24 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/05/19 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011/03/24 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/05/14 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/05/14 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/05/14 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/05/14 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/05/16 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/05/11 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/05/14 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/05/14 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/05/23 19:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/05/23 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2011/04/29 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/23 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/05/18 22:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/05/17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2011/05/19 07:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/05/24 08:00:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

< End of report >
  • 0

#10
maliprog
Posted 24 May 2011 - 01:42 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OTL fix log is located in C:\_OTL\MovedFiles.

You didn't post me AVP Tool log. You posted old OTL log. Can you post right AVP log now.
  • 0

Advertisements

#11
JohnGo
Posted 24 May 2011 - 02:13 PM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
Can you tell me where to find right ATL log?

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Prefs.js: "ë" removed from network.proxy.autoconfig_url
Prefs.js: 2 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ireqekifenifij deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
File F:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
File F:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
File F:\rcaeasyrip_setup.exe /pdf_English not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
File F:\rcaeasyrip_setup.exe /pdf_French not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60d34622-1e87-11df-be68-000fb04b9c30}\ not found.
File F:\rcaeasyrip_setup.exe /pdf_Spanish not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\John\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\John\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 41 bytes

User: John
->Temp folder emptied: 23273 bytes
->Temporary Internet Files folder emptied: 1766253 bytes
->Java cache emptied: 23029508 bytes
->FireFox cache emptied: 2465570 bytes
->Google Chrome cache emptied: 6042513 bytes
->Flash cache emptied: 1971055 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33438 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57609155 bytes
->Flash cache emptied: 1434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70043545 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LAPTOP

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05242011_104003

Files\Folders moved on Reboot...
C:\Documents and Settings\John\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
  • 0

#12
JohnGo
Posted 24 May 2011 - 02:38 PM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
Sorry, I meant to say AVPtool log in previous post.
  • 0

#13
maliprog
Posted 25 May 2011 - 12:14 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi JohnGo,

First tell me how is your system now? Any changes?
  • 0

#14
JohnGo
Posted 25 May 2011 - 07:07 AM

JohnGo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 339 posts
It opens programs better and goes on internet faster. except when something is running in background like AVG update, etc, which is not normal for this machine.
  • 0

#15
maliprog
Posted 25 May 2011 - 07:42 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice to hear that. AVG usually takes a little more resources then usual. Let's try to speed your system a little bit.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP