Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bad issues with Google Redirects and Permissions


  • This topic is locked This topic is locked

#1
Cheri430

Cheri430

    Member

  • Member
  • PipPip
  • 18 posts
Hello, I am so frustrated. I have AVG 2011 Internet Security and all of it's components were deleted. I thought I could uninstall and reinstall but I wasn't able to do that. I've been dealing with AVG customer service for nearly a month. As a result of not being protected and not being able to get any free virus scans to work I now have Google Redirects and Permission Virus. I have tried your suggestion for ERunt, OTM and TDSSkiller for the redirect and it just keeps finding the same virus over and over again even after being cured. I have tried OTL, OTL.scr, OTL.com ComboFix, MBAM, exehelper.scr and rkill.com for the permsions virus. Nothing will work. they download fine but will not run. Both exehelper and rkill seemed to work but when I try MBAM immediately after running those (each at different times) it won't work. Any help with this is greatly appreciated as it seems to be getting worse all the time. It has taken over my itunes also(therefore my iPod isn't working). As a note this all started with a message after a reboot that my computer had reached all the secrets allowed. I clicked ok as there wasn't any other option and it's been downhill from there. I even received the message that I don't have the right permissions to restart my computer.
Thanks!
  • 0

Advertisements


#2
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
To clarify, I no longer get the message that I can't restart my computer. That was the first permissions message that I received but haven't received that particular one again.
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have access to another computer that you could use to burn a CD ?

Also can you access safe mode ?

Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
    [attachment=52208:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#4
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thank you I'll give this a try this weekend and let you know what happens.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will be standing by
  • 0

#6
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I burned the CD and will work on the rest of the steps tomorrow but I discovered something else and I don't know if it's an issue or not. I found that all of my document folders have thumbs.db in them. I delete them and they reappear as soon as I open the folder again. Is this anything to be concerned about? It's one of my pet peeves having them in my folders so I've always deleted them before and they never came back. I'm so irritated with AVG for not catching this but more so for not being of any help for a month. Thanks again. I might just end up taking this in to a local PC shop.
  • 0

#7
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here are the results, please let me know what to do next. thanks

OTL logfile created on: 9/4/2011 3:50:59 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 33.61 Gb Free Space | 45.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (sdCoreService)
SRV - File not found [Auto] -- -- (sdAuxService)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/07/26 11:16:02 | 001,025,352 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/05/21 18:19:52 | 000,598,696 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\dleacoms.exe -- (dlea_device)
SRV - [2010/05/21 18:19:46 | 000,193,192 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/12/09 16:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2008/05/27 05:21:04 | 000,471,040 | ---- | M] (Atheros) [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (25226129)
DRV - [2011/09/04 03:35:20 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\3941072378 -- (fafde7ea)
DRV - [2011/08/31 22:43:41 | 000,241,152 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2011/08/30 00:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2011/02/16 09:22:48 | 000,138,496 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/11/09 15:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/12/01 11:32:24 | 000,458,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(SMC)) SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC)
DRV - [2008/03/22 11:41:53 | 000,044,288 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/03/21 10:10:42 | 000,143,834 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2008/03/21 10:10:42 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2008/03/21 10:10:42 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/12/13 21:31:02 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/29 06:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 20:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/12/17 13:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.inbox.com...aspx?TbId=70001
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.inbox.com...spx?tb_id=70001


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E2 61 99 00 36 34 7F 43 AB D4 41 2B C5 7A 70 07 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ardis_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Ardis_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Ardis_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Ardis_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 3D D6 9E 7A 4B CB 01 [binary data]
IE - HKU\Ardis_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Ardis_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\Ardis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://stp.startnow....ion=5.1-x86-SP3
IE - HKU\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.pogo.iplay.com/?o=shp
IE - HKU\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E2 61 99 00 36 34 7F 43 AB D4 41 2B C5 7A 70 07 [binary data]
IE - HKU\Cheri_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\Cheri_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cheri_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E2 61 99 00 36 34 7F 43 AB D4 41 2B C5 7A 70 07 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E2 61 99 00 36 34 7F 43 AB D4 41 2B C5 7A 70 07 [binary data]

IE - HKU\Owner_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\Owner_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..extensions.enabledItems: [email protected]:7.007.026.001
FF - prefs.js..extensions.enabledItems: {771f3037-9885-4423-b50f-a5ede4854e26}:1.300.379
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "192.168.1.1"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 80


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/08/07 05:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 21:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/31 21:59:22 | 000,000,000 | ---D | M]

[2009/04/09 00:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Extensions
[2011/09/04 01:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions
[2010/09/24 23:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 01:24:09 | 000,000,000 | ---D | M] (InboxDollars) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2011/06/24 01:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\chrome\content\dca\core\extensionManager
[2010/08/24 02:17:15 | 000,002,564 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\askcom.xml
[2011/07/16 03:44:48 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\bing-zugo.xml
[2011/06/23 22:02:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Mozilla\Firefox\Profiles\25izu5ij.default\searchplugins\search-the-web.xml
[2011/09/04 01:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 22:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/12 10:51:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/07 05:34:30 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/08/11 22:53:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/13 00:34:36 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/13 00:34:36 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/08/11 22:52:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/02 23:38:31 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober20342468.xml
[2010/11/25 01:09:39 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober21673093.xml
[2010/08/21 20:41:06 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober22643468.xml
[2011/02/19 21:07:03 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober31909281.xml
[2010/07/13 23:21:38 | 000,001,469 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober6168625.xml
[2010/08/24 21:57:32 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober70122546.xml
[2010/12/05 01:44:53 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober87919156.xml

Hosts file not found
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\Ardis_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found
O3 - HKU\Ardis_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\Ardis_ON_C\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Cheri_ON_C\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\Cheri_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\Cheri_ON_C\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [SMCWUSB-N2 Wireless Utility] C:\Program Files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe (SMC)
O4 - HKU\.DEFAULT..\Run: [8DDYX0ZBPZ] File not found
O4 - HKU\Cheri_ON_C..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\Ardis_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\Ardis_ON_C..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Ardis_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Ardis_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Ardis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Cheri_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Cheri_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Cheri_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Cheri_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://groups.msn.co...UC/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1206044020061 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206044116797 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 15:17:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe - (FUJIFILM Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: 05119454.sys - Driver
SafeBootMin: 16303680.sys - Driver
SafeBootMin: 23164909.sys - Driver
SafeBootMin: 40251803.sys - Driver
SafeBootMin: 42164163.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: 05119454.sys - Driver
SafeBootNet: 16303680.sys - Driver
SafeBootNet: 23164909.sys - Driver
SafeBootNet: 40251803.sys - Driver
SafeBootNet: 42164163.sys - Driver
SafeBootNet: AFD - C:\WINDOWS\System32\drivers\afd.sys ()
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/01 00:50:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/01 00:50:18 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/01 00:50:00 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/08/31 23:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\Malwarebytes
[2011/08/31 23:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/31 22:41:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 22:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 22:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 22:41:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 22:41:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/31 22:39:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 22:39:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cheri\Start Menu\Programs\Administrative Tools
[2011/08/31 21:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/31 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/31 21:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/31 21:55:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/29 23:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Desktop\GooredFix Backups
[2011/08/29 23:43:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/29 23:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/28 23:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell V310-V510 Series
[2011/08/28 16:47:08 | 005,570,008 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_isc_stb_all_2011_1392.exe
[2011/08/28 16:35:43 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2011/08/28 16:34:03 | 001,819,488 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/28 16:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2011/08/28 16:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2011/08/28 16:20:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2011/08/28 16:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2011/08/28 16:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2011/08/28 16:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/08/28 16:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2011/08/28 16:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2011/08/28 16:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\V310-V510 Series
[2011/08/28 16:18:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2011/08/24 20:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/11 22:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\AVG
[2011/08/11 22:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/11 22:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/11 22:52:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/11 22:52:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/11 22:52:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/11 22:52:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/11 22:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/08/10 23:50:55 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/10 23:50:37 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/08 20:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\DriverCure
[2011/08/08 20:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Application Data\ParetoLogic
[2011/08/08 20:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Start Menu\Programs\ParetoLogic
[2011/08/08 20:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/08/08 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/08/08 20:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/08/07 00:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheri\Local Settings\Application Data\AVG Security Toolbar
[2011/08/07 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/06 05:13:50 | 000,218,624 | ---- | C] (Intel Corporation ) -- C:\WINDOWS\System32\terdvw32.dll
[2011/08/06 01:10:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/05/12 23:28:12 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2011/05/12 23:21:21 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2011/05/12 23:21:21 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2011/05/12 23:21:21 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2011/05/12 23:21:21 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
[2011/05/12 23:21:21 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2011/05/12 23:21:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2011/05/12 23:21:20 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2011/05/12 23:21:19 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2011/05/12 23:21:19 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2011/05/12 23:21:18 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
[2011/05/12 23:21:18 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2011/05/12 23:21:17 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2011/05/12 23:21:17 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
[2010/08/16 21:56:27 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 03:36:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 03:36:39 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/09/04 03:35:24 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Huvqgeo.job
[2011/09/04 03:35:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3941072378
[2011/09/04 00:02:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\Shortcut to OTLPENet.exe.lnk
[2011/09/03 22:33:59 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 20:31:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/01 00:50:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/31 22:44:11 | 000,045,328 | -HS- | M] () -- C:\WINDOWS\System32\c_90571.nl_
[2011/08/31 22:43:41 | 000,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys
[2011/08/31 21:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/31 04:47:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/08/31 03:02:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/08/30 00:45:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/30 00:19:26 | 000,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys
[2011/08/28 23:29:46 | 000,002,568 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/28 18:52:19 | 002,933,280 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\AVGInstLog.cab
[2011/08/28 18:11:41 | 002,734,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVGInstLog.cab
[2011/08/28 17:04:22 | 001,819,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/28 16:47:11 | 005,570,008 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_isc_stb_all_2011_1392.exe
[2011/08/28 16:35:35 | 000,392,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\reset_access_avg2011_en.exe
[2011/08/28 16:34:34 | 001,163,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/28 16:18:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/26 03:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/08/23 23:53:42 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2011/08/11 22:55:16 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Cheri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/11 22:55:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/11 22:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/11 22:52:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/11 22:52:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/11 22:52:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/11 22:52:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/11 22:52:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/11 20:08:48 | 000,465,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 20:08:48 | 000,079,380 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/08 20:34:23 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/08/07 14:32:23 | 000,524,152 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\application.evt
[2011/08/07 14:31:56 | 000,524,128 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\system.evt
[2011/08/07 14:30:27 | 000,524,152 | ---- | M] () -- C:\Documents and Settings\Cheri\My Documents\eventvwr.msc
[2011/08/07 14:19:26 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\MFADatalogs.lnk
[2011/08/07 14:16:13 | 001,302,498 | ---- | M] () -- C:\Documents and Settings\Cheri\Desktop\MSINFO32 application.nfo
[2011/08/07 05:16:04 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\Cheri\.fotki-uploader300-settings.xml
[2011/08/07 00:44:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\prvlcl.dat
[2011/08/07 00:13:07 | 000,659,282 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/08/06 21:50:49 | 000,118,272 | RHS- | M] () -- C:\WINDOWS\System32\sqlwoae.dll
[2011/08/06 12:05:29 | 127,161,113 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/06 05:15:45 | 000,001,276 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8
[2011/08/06 05:15:45 | 000,001,276 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8
[2011/08/06 05:14:57 | 000,401,408 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ljp.exe
[2011/08/06 05:13:50 | 000,218,624 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\terdvw32.dll
[2011/08/06 05:13:49 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\temgvw32.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 00:02:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\Shortcut to OTLPENet.exe.lnk
[2011/09/01 00:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/31 22:41:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 22:41:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 22:41:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 22:41:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 22:41:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/30 00:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3941072378
[2011/08/30 00:01:18 | 000,045,328 | -HS- | C] () -- C:\WINDOWS\System32\c_90571.nl_
[2011/08/29 23:41:11 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\ERDNT.E_E
[2011/08/29 23:41:11 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\ERUNT.EXE
[2011/08/29 23:41:11 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\NTREGOPT.EXE
[2011/08/29 23:41:11 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\AUTOBACK.EXE
[2011/08/29 23:41:11 | 000,004,090 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\ERUNT.LOC
[2011/08/29 23:41:11 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\ERDNTWIN.LOC
[2011/08/29 23:41:11 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\ERDNTDOS.LOC
[2011/08/29 23:41:11 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\NTREGOPT.LOC
[2011/08/28 18:11:41 | 002,734,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVGInstLog.cab
[2011/08/28 16:35:35 | 000,392,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\reset_access_avg2011_en.exe
[2011/08/28 16:34:34 | 001,163,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/11 22:55:22 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/08/11 22:55:16 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Cheri\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/11 22:55:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/08 20:46:30 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/08 20:34:23 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/08/08 20:33:55 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/08/08 20:33:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/08/08 20:33:51 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/08/07 14:32:23 | 000,524,152 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\application.evt
[2011/08/07 14:31:56 | 000,524,128 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\system.evt
[2011/08/07 14:30:27 | 000,524,152 | ---- | C] () -- C:\Documents and Settings\Cheri\My Documents\eventvwr.msc
[2011/08/07 14:19:26 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\MFADatalogs.lnk
[2011/08/07 14:15:04 | 001,302,498 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\MSINFO32 application.nfo
[2011/08/07 04:13:44 | 002,933,280 | ---- | C] () -- C:\Documents and Settings\Cheri\Desktop\AVGInstLog.cab
[2011/08/06 21:50:50 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Huvqgeo.job
[2011/08/06 21:50:49 | 000,118,272 | RHS- | C] () -- C:\WINDOWS\System32\sqlwoae.dll
[2011/08/06 05:15:45 | 000,001,276 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8
[2011/08/06 05:15:45 | 000,001,276 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8
[2011/08/06 05:14:57 | 000,401,408 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ljp.exe
[2011/08/06 05:13:49 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\temgvw32.dll
[2011/05/12 23:28:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2011/05/12 23:27:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2011/05/12 23:27:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2011/05/12 23:27:52 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2011/05/12 23:24:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DLEAPMON.DLL
[2011/05/12 23:24:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLEAFXPU.DLL
[2011/05/12 23:24:39 | 005,709,824 | ---- | C] () -- C:\WINDOWS\System32\DLEAoem.dll
[2011/05/12 23:24:04 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
[2011/05/12 23:24:04 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
[2011/05/12 23:21:22 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
[2011/05/12 23:21:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2011/05/12 23:21:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2011/05/12 23:21:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
[2011/05/12 23:21:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2011/05/12 23:21:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2011/05/12 23:21:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2011/05/12 23:21:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2011/05/12 23:21:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2011/05/12 23:21:17 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
[2011/05/12 23:20:33 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/05/12 23:20:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/04/29 14:35:35 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/04/29 14:34:29 | 000,401,525 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011/03/04 03:19:06 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2011/02/19 22:45:25 | 000,000,463 | ---- | C] () -- C:\Program Files\0219201120452570.bat
[2011/01/09 01:21:59 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Cheri\.fotki-uploader300-settings.xml
[2011/01/09 01:20:41 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\Cheri\.lastFolder
[2011/01/08 22:25:29 | 000,000,470 | ---- | C] () -- C:\Program Files\0108201120252895.bat
[2010/12/12 02:12:15 | 000,000,474 | ---- | C] () -- C:\Program Files\121220100121565.bat
[2010/09/04 02:41:31 | 000,000,459 | ---- | C] () -- C:\Program Files\090420101413092.bat
[2010/09/01 00:18:10 | 000,000,468 | ---- | C] () -- C:\Program Files\0831201023181067.bat
[2010/08/24 22:19:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/21 22:06:44 | 000,000,466 | ---- | C] () -- C:\Program Files\0821201021064406.bat
[2010/08/19 01:14:02 | 000,000,455 | ---- | C] () -- C:\Program Files\081920100140231.bat
[2010/08/17 02:24:09 | 000,352,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/15 22:05:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\prvlcl.dat
[2010/01/01 04:02:01 | 000,929,792 | ---- | C] () -- C:\Documents and Settings\Owner\s-1-5-21-1220945662-602162358-725345543-1003.rrr
[2010/01/01 04:01:36 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2009/08/31 00:27:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/30 19:36:12 | 000,002,655 | ---- | C] () -- C:\Documents and Settings\Cheri\r
[2008/11/12 00:40:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2008/11/12 00:25:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
[2008/11/03 00:54:47 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/11/02 15:11:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ilrw4FVL.exe.a_a
[2008/11/01 18:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\DFjW23fK.exe.a_a
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 01:05:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/31 23:53:59 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/31 12:48:41 | 000,000,556 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/23 01:12:56 | 000,002,568 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/22 19:38:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/22 18:21:14 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Cheri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 14:13:26 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Ardis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 12:33:56 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/03/20 16:45:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtray.exe
[2008/03/20 16:45:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\hkcmd.exe
[2008/03/20 16:32:35 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/03/20 15:20:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/20 15:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/20 09:08:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/20 09:06:47 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 14:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,465,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004/08/04 06:00:00 | 000,079,380 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/04/17 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\acccore
[2011/04/29 14:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\AVG10
[2011/04/06 11:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\AVG9
[2009/10/29 20:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\FUJIFILM
[2009/10/23 20:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\Oberonv1001
[2009/11/08 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\Playrix Entertainment
[2010/01/04 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\Windows Desktop Search
[2011/04/08 11:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ardis\Application Data\Windows Search
[2008/03/22 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\acccore
[2010/01/26 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Alien Skin
[2009/08/25 20:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Amazon
[2011/08/11 23:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG
[2011/04/20 22:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG10
[2011/03/22 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\AVG9
[2011/05/13 00:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Catalina Marketing Corp
[2008/12/29 23:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/08 20:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\DriverCure
[2010/11/25 22:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Flood Light Games
[2008/11/02 22:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\FotkiDesktop
[2009/01/27 01:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Foxit
[2008/12/22 03:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\FUJIFILM
[2008/04/13 22:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Jasc
[2009/08/25 21:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\MSNInstaller
[2011/01/02 23:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Oberon Media
[2010/09/05 21:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Oberonv1006
[2011/08/08 20:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\ParetoLogic
[2009/08/02 23:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Pogo Games
[2009/11/30 00:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Registry Mechanic
[2010/08/24 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Sudden Games
[2011/05/13 01:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\V310-V510 Series
[2009/01/23 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Viewpoint
[2009/12/23 19:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Desktop Search
[2009/12/25 01:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheri\Application Data\Windows Search
[2011/08/28 16:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V310-V510 Series
[2011/08/28 16:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/08/08 21:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/07 05:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/04/20 22:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/03/31 12:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 13:15:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/25 22:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/08/03 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/08/29 02:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2010/09/02 00:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/08/30 18:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/08/29 02:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/23 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/23 21:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/11/25 21:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/08/08 20:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/03 00:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/04/29 14:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMC Networks, Inc
[2009/03/19 23:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/13 23:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/09/04 03:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/12 23:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V310-V510 Series
[2008/03/22 19:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/28 00:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/17 22:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/04 03:36:39 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/09/04 03:35:24 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Huvqgeo.job
[2011/08/08 20:34:23 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/08/31 04:47:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/08/26 03:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/08/31 03:02:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %temp%\smtmp\*.*

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2008/08/20 22:26:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2009/12/09 01:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 17:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2007/02/28 05:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\system32\ntoskrnl.exe
[2010/04/27 09:50:44 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=A2ABBEC40CDB57454645D06B7EBD22F5 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[2010/12/09 09:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2010/02/16 08:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2009/02/07 20:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/04 06:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\*.* >
[2009/12/23 18:58:01 | 000,092,367 | ---- | M] () -- C:\aaw7boot.log
[2008/03/20 15:17:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/03/20 16:34:40 | 000,000,032 | ---- | M] () -- C:\BCMSM.log
[2008/11/10 10:02:52 | 000,027,652 | ---- | M] () -- C:\bold.log
[2010/02/12 03:06:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/03 01:43:36 | 000,003,227 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2008/03/20 15:17:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/03 22:44:10 | 000,035,264 | ---- | M] () -- C:\CybDefInstallInfo.log
[2011/07/16 03:44:57 | 000,000,013 | ---- | M] () -- C:\END
[2011/07/16 03:51:01 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2008/03/20 15:17:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/03/20 15:17:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/20 22:40:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/04 02:23:26 | 000,125,308 | ---- | M] () -- C:\OTL.Txt
[2011/09/04 03:35:17 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2011/09/01 00:38:15 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/08/30 00:00:21 | 000,038,840 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_29.08.2011_22.57.40_log.txt
[2011/08/30 00:04:34 | 000,038,932 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_29.08.2011_23.03.28_log.txt
[2011/08/30 00:12:15 | 000,003,994 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_29.08.2011_23.11.56_log.txt
[2011/08/30 00:18:59 | 000,039,152 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_29.08.2011_23.17.36_log.txt
[2011/08/30 00:41:59 | 000,038,932 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_29.08.2011_23.40.42_log.txt
[2011/08/31 02:29:49 | 000,038,870 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_01.29.01_log.txt
[2011/08/31 22:12:11 | 000,037,564 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_21.11.33_log.txt
[2011/08/31 22:30:48 | 000,037,564 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_21.30.16_log.txt
[2011/08/31 23:30:41 | 000,002,152 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_22.30.35_log.txt

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/03 15:35:07 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/03 15:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 21:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< CREATERESTOREPOINT >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB58088$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3941072378:84023317.exe
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864A52B8
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E999B93
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60D48570
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14168AA3
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB0CD29E
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F34C507
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68DA8CC0
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B87381C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D9A374E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6427C0F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA7BE830
@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1069F99
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EEA9E7B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run this fix - reboot to normal windows and let me know if the problem persists please

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=52271:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#9
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I don't have a USB drive
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets be sneaky

From the nomal mode download the fix.txt to your root drive i.e. C:\fix.txt
Then run the computer from the cd and when you press run fix select the fix that you downloaded to the c drive ... Does that make sense ?
  • 0

Advertisements


#11
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the new OTL log...I think this is the latest one.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\25226129 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fafde7ea deleted successfully.
C:\WINDOWS\3941072378 moved successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL moved successfully.
Registry value HKEY_USERS\Ardis_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
HKU\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
Prefs.js: "192.168.1.1" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "192.168.1.1" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "192.168.1.1" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "192.168.1.1" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "192.168.1.1" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober20342468.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober21673093.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober22643468.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober31909281.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober6168625.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober70122546.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober87919156.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
Registry value HKEY_USERS\Ardis_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\8DDYX0ZBPZ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\05119454.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\16303680.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\23164909.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\40251803.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\42164163.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\05119454.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\16303680.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\23164909.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\40251803.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\42164163.sys\ deleted successfully.
C:\WINDOWS\system32\sqlwoae.dll moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8 moved successfully.
C:\Documents and Settings\All Users\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ljp.exe moved successfully.
File C:\WINDOWS\3941072378 not found.
C:\WINDOWS\tasks\Huvqgeo.job moved successfully.
File C:\WINDOWS\System32\sqlwoae.dll not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8 not found.
File C:\Documents and Settings\All Users\Application Data\jy6cbs1t3n12s636j33wub36654our40e272at7p8 not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\ljp.exe not found.
C:\Documents and Settings\LocalService\s-1-5-19.rrr moved successfully.
C:\Program Files\0219201120452570.bat moved successfully.
C:\Program Files\0108201120252895.bat moved successfully.
C:\Program Files\121220100121565.bat moved successfully.
C:\Program Files\090420101413092.bat moved successfully.
C:\Program Files\0831201023181067.bat moved successfully.
C:\Documents and Settings\Owner\s-1-5-21-1220945662-602162358-725345543-1003.rrr moved successfully.
C:\Documents and Settings\NetworkService\s-1-5-20.rrr moved successfully.
C:\WINDOWS\system32\ilrw4FVL.exe.a_a moved successfully.
C:\WINDOWS\system32\DFjW23fK.exe.a_a moved successfully.
File C:\WINDOWS\Tasks\Huvqgeo.job not found.
Unable to delete ADS C:\WINDOWS\3941072378:84023317.exe .
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\Cheri_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ardis
->Temp folder emptied: 126173996 bytes
->Temporary Internet Files folder emptied: 48329529 bytes
->Java cache emptied: 33624975 bytes
->FireFox cache emptied: 25873068 bytes
->Flash cache emptied: 8276 bytes

User: Cheri
->Temp folder emptied: 1380677047 bytes
->Temporary Internet Files folder emptied: 53740476 bytes
->Java cache emptied: 8109280 bytes
->FireFox cache emptied: 96790166 bytes
->Flash cache emptied: 2066 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 7048 bytes
->Temporary Internet Files folder emptied: 244228642 bytes
->Java cache emptied: 813 bytes
->Flash cache emptied: 9332 bytes

User: Owner
->Temp folder emptied: 38243685 bytes
->Temporary Internet Files folder emptied: 17319105 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 560 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101899 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 129434304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 2,103.00 mb


[EMPTYFLASH]

User: All Users

User: Ardis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Cheri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 09042011_185900

Edited by Cheri430, 04 September 2011 - 05:34 PM.

  • 0

#12
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The redirects are still happening. I haven't tried to download AVG again, didn't know if I should.
  • 0

#13
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Still getting the same message that I don't have the right permissions when I click on the AVG Remover. I'm also not allowed to delete the AVG remover .exe, or any .exe that are in my downloads folder.

Edited by Cheri430, 04 September 2011 - 07:38 PM.

  • 0

#14
Cheri430

Cheri430

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Do you know why I'm getting thumbs.db in all my folders and can't get rid of them? What do they do? Is it part of the virus or have I gotten another one. I've been unprotected for a month now and really need to get this solved. Would a reimage or uninstalling/reinstalling Windows be an option that would clean my computer?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reimaging is a sure fire and very fast way of clearing the problems that you are experiencing. Thumbs.db are system files and are really of no import at this stage

I have removed the malware that I could see , we could now if you wish try another removal tool that should clear a further portion of your problems

Download and Install Combofix

Download ComboFix from one of the following locations:

When downloading the file rename to winlogon

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP