Finish poor performance system slow [Solved]



#1
Valiant108
Member, 28 posts

At times even when AVG is not updating or running there is a lot of drive activity and 50% of RAM is being used by...something running. I don't know what it is. Also some of my emails disappear. In Word at times all my recent documents do not appear and I have to reestablish the links to the documents one by one to the flash drive. Also LUpdates stopped working months ago and every time I restart the message comes up that this file cannot be found and Windows has no solution or repair.

Please let me know what is wrong because I don't need another system crash. OTL report is below.

OTL logfile created on: 28/02/2012 11:26:51 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = D:\Users\Paul Triska\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 46.90% Memory free
2.76 Gb Paging File | 1.69 Gb Available in Paging File | 61.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 52.91 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 55.13 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
Drive K: | 3.74 Gb Total Space | 3.40 Gb Free Space | 91.02% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 22:38:13 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Downloads\OTL.exe
PRC - [2012/02/20 10:19:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/08 12:40:05 | 001,114,048 | ---- | M] (Discordia, LTD) -- C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/05/27 02:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 05:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 12:42:23 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 10:19:07 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/03 16:52:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 05:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/07/30 02:43:15 | 000,475,136 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\sso2mdu.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 02:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 12:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 04:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 20:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 02:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 00:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 11:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 10:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 14:28:27 | 000,000,000 | ---D | M]

[2011/03/31 23:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 16:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 09:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/11 23:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 19:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 16:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 21:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 19:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/02/22 12:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 12:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 09:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 10:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 12:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 10:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 10:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 10:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 10:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/09/02 03:09:24 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
[2012/02/20 10:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell - "" = AutoRun
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 10:45:40 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 19:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 15:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/23 12:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/02/23 12:19:41 | 000,000,000 | ---D | C] -- C:\rei
[2012/02/23 12:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/02/22 12:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 12:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 20:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 20:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press
[2012/02/07 15:49:52 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Access2007Exercises
[2012/01/31 13:31:19 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Paul's Crazy Ideas
[2012/01/31 13:13:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Professional Information

========== Files - Modified Within 30 Days ==========

[2012/02/28 23:24:23 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D64CAB60-2A4A-448D-8209-5DB1CF845A03}.job
[2012/02/28 21:57:01 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 21:56:53 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 21:56:39 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/02/28 21:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 21:56:30 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 11:35:39 | 090,307,428 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/27 17:43:44 | 000,368,922 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/27 10:45:51 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/27 10:45:51 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/27 03:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/24 15:02:41 | 000,011,254 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/02/23 12:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 11:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 03:32:56 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 12:00:41 | 000,060,304 | ---- | M] () -- D:\Users\Paul Triska\g2mdlhlpx.exe
[2012/02/14 14:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/02/08 00:46:45 | 000,000,755 | ---- | M] () -- D:\Users\Paul Triska\Desktop\Glary Utilities.lnk
[2012/02/07 15:50:09 | 000,299,008 | ---- | M] () -- D:\Users\Paul Triska\Documents\Paul_Feb7_12.accdb
[2012/02/07 15:48:35 | 001,687,552 | ---- | M] () -- D:\Users\Paul Triska\Documents\Assets.accdb
[2012/02/07 15:46:40 | 000,608,133 | ---- | M] () -- D:\Users\Paul Triska\Documents\Assets.accdt
[2012/02/07 15:34:28 | 000,299,008 | ---- | M] () -- D:\Users\Paul Triska\Documents\Database1.accdb

========== Files Created - No Company Name ==========

[2012/02/23 12:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 14:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/02/07 15:46:40 | 000,608,133 | ---- | C] () -- D:\Users\Paul Triska\Documents\Assets.accdt
[2012/02/07 15:46:29 | 001,687,552 | ---- | C] () -- D:\Users\Paul Triska\Documents\Assets.accdb
[2012/02/07 15:35:09 | 000,299,008 | ---- | C] () -- D:\Users\Paul Triska\Documents\Paul_Feb7_12.accdb
[2012/02/07 15:33:10 | 000,299,008 | ---- | C] () -- D:\Users\Paul Triska\Documents\Database1.accdb
[2012/01/10 22:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 22:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 01:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/01/24 01:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 21:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 16:18:52 | 000,011,254 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 16:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 16:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 16:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 16:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 16:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 16:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 16:16:13 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/27 16:16:13 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2010/12/27 16:16:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2010/12/27 16:16:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2010/12/04 22:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 21:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 21:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 22:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 22:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 20:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 00:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 21:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 04:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/12 23:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/27 23:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 01:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2011/11/24 23:40:46 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\uTorrent
[2012/02/28 21:56:39 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/02/28 21:54:46 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/28 23:24:23 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D64CAB60-2A4A-448D-8209-5DB1CF845A03}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


#2
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts

Hi there, and sorry for the delay. Could you update me on the current problems, please?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


#3
Valiant108
Topic Starter, Member, 28 posts

Here is the OTL log:

OTL logfile created on: 12/03/2012 7:54:43 PM - Run 4
OTL by OldTimer - Version 3.2.36.3 Folder = D:\Users\Paul Triska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 29.80% Memory free
2.76 Gb Paging File | 1.44 Gb Available in Paging File | 52.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 52.72 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 54.90 Gb Free Space | 83.82% Space Free | Partition Type: NTFS
Drive F: | 501.73 Mb Total Space | 501.61 Mb Free Space | 99.98% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
PRC - [2012/02/20 11:19:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/08 13:40:05 | 001,114,048 | ---- | M] (Discordia, LTD) -- C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 13:42:23 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 11:19:07 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/03 17:52:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - [2012/01/17 22:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 19:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/19 19:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/12/19 19:59:04 | 000,019,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/11/23 13:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 05:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 21:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 03:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DE-5C1879782426
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{31D5F45F-5005-4134-96F7-5E8BD763A97B}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-13 10:05:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{A8FB2D5A-21DF-4B75-9805-EC351565FA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 11:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 15:28:27 | 000,000,000 | ---D | M]

[2011/04/01 00:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 10:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 00:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 20:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 22:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 20:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 10:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 11:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 11:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 11:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/09/02 04:09:24 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
[2012/02/20 11:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell - "" = AutoRun
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 19:53:53 | 000,594,944 | ---- | C] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/09 00:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/09 00:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/03/09 00:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/09 00:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/03/06 16:08:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Miscellaneous
[2012/03/02 15:34:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple Computer
[2012/03/01 10:56:58 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple
[2012/02/29 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/02/24 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 16:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 13:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 21:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 21:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press

========== Files - Modified Within 30 Days ==========

[2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/12 19:49:36 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/12 18:11:00 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 18:11:00 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/12 18:10:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:10:01 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 18:09:49 | 000,379,632 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/12 09:11:15 | 091,551,840 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/11 17:58:50 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/11 17:58:36 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 21:41:31 | 000,011,273 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:31:18 | 000,000,811 | ---- | M] () -- D:\Users\Paul Triska\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 11:20:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/29 11:20:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/29 11:20:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/27 04:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/23 13:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 12:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 04:32:56 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 13:00:41 | 000,060,304 | ---- | M] () -- D:\Users\Paul Triska\g2mdlhlpx.exe
[2012/02/14 15:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf

========== Files Created - No Company Name ==========

[2012/03/09 00:09:42 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/06 00:24:15 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/06 00:03:41 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:20:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/23 13:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/01/10 23:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 23:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 02:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/04/07 09:30:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/04/07 09:30:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/04/07 09:30:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/01/24 02:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 22:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:18:52 | 000,011,273 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 17:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 17:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 17:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 17:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 17:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 17:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 17:16:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/04 23:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 22:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 22:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 23:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 23:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 21:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 01:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 22:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 05:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/13 00:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/28 00:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 02:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2011/11/25 00:40:46 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\uTorrent
[2012/03/11 17:58:50 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/09 16:38:36 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2010/12/04 18:27:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/12/04 18:27:32 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/12/04 18:27:32 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/12/04 19:31:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/12/04 19:31:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/12/04 18:27:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A11A069F-3D93-4B21-91A0-184A400E5BF0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CB21E204-3C56-4450-B427-6744F6FC44BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 01:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 05 01 03 01 00 01 07 01 06 01 04 01 02 01 01 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 05:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


Here is the aswMBR log:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 22:21:29
-----------------------------
22:21:29.626 OS Version: Windows 6.0.6002 Service Pack 2
22:21:29.626 Number of processors: 1 586 0x5F02
22:21:29.628 ComputerName: PAUL-PC UserName:
22:22:05.241 Initialize success
22:23:45.608 AVAST engine defs: 12031200
22:23:58.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
22:23:58.102 Disk 0 Vendor: Hitachi_ P22O Size: 157066MB BusType: 6
22:23:58.126 Disk 0 MBR read successfully
22:23:58.136 Disk 0 MBR scan
22:23:58.168 Disk 0 Windows VISTA default MBR code
22:23:58.175 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
22:23:58.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 80000 MB offset 20467712
22:23:58.245 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 67071 MB offset 184307712
22:23:58.277 Disk 0 scanning sectors +321669120
22:23:58.358 Disk 0 scanning C:\Windows\system32\drivers
22:24:18.132 Service scanning
22:24:53.131 Modules scanning
22:25:00.964 Disk 0 trace - called modules:
22:25:01.436 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys nvlddmkm.sys watchdog.sys tcpip.sys NETIO.SYS ndis.sys rdbss.sys athr.sys spsys.sys
22:25:01.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851deac8]
22:25:01.462 3 CLASSPNP.SYS[82b9d8b3] -> nt!IofCallDriver -> [0x83d2fde8]
22:25:01.478 5 acpi.sys[806146bc] -> nt!IofCallDriver -> \Device\0000005c[0x83d2d818]
22:25:02.029 AVAST engine scan C:\Windows
22:25:12.906 AVAST engine scan C:\Windows\system32
22:31:34.132 AVAST engine scan C:\Windows\system32\drivers
22:31:56.445 AVAST engine scan D:\Users\Paul Triska
22:40:32.687 AVAST engine scan C:\ProgramData
22:42:07.376 Scan finished successfully
22:43:19.132 Disk 0 MBR has been saved successfully to "D:\Users\Paul Triska\Desktop\MBR.dat"
22:43:19.140 The log file has been saved successfully to "D:\Users\Paul Triska\Desktop\aswMBR.txt"

Hope you can help
Regards
Valiant108
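The aswMBR log above reads the first sector of Disk 0, reports whether the boot code matches the stock Vista MBR, and prints the partition table it finds there; it also saved a copy of that sector as MBR.dat. As an added example (not aswMBR's code and not from this thread), the following Python decodes such a 512-byte MBR image offline: it checks the 0x55AA signature, unpacks the four 16-byte partition entries, and reports the same status/type/offset/size fields the log shows, plus two sanity checks (exactly one active partition, no overlapping entries). The sample image is constructed here to reproduce the three partition lines in the log; the sector counts chosen for partitions 1 and 3 are an assumption that rounds to the sizes the log prints, and the type names are conventional labels. Comparing the first 446 bytes against a known-good Vista MBR is the bootkit check aswMBR performs; this example only decodes the table.

```python
"""Decode an MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread; not part of aswMBR or of any post. The sample
bytes are constructed to match the partition lines in the aswMBR log above.
"""
import struct

SECTOR = 512
MBR_SIZE = 512
TABLE_OFFSET = 446          # partition table starts after the boot code
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Type bytes seen in the log; names are conventional labels (assumption).
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def is_valid_mbr(image: bytes) -> bool:
    """A usable image is at least one sector long and ends with 0x55AA."""
    return len(image) >= MBR_SIZE and image[510:512] == BOOT_SIGNATURE


def boot_code(image: bytes) -> bytes:
    """The 446 bytes a bootkit would have to modify; compare with a known-good copy."""
    return image[:TABLE_OFFSET]


def parse_mbr(image: bytes):
    """Return one dict per non-empty partition entry, in table order."""
    if not is_valid_mbr(image):
        raise ValueError("not a valid MBR image (short, or missing 0x55AA signature)")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", image, off)
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,   # aswMBR prints this as "80 (A)"
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),   # floor, like the log
        })
    return parts


def layout_problems(parts) -> list:
    """Checks a triage would want: a single active partition and no overlaps."""
    issues = []
    active = [p["index"] for p in parts if p["bootable"]]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            issues.append(f"partition {cur['index']} overlaps partition {prev['index']}")
    return issues


def first_free_sector(parts) -> int:
    """First sector after the last partition; the unpartitioned tail a scanner still has to look at."""
    return max((p["lba_start"] + p["sectors"] for p in parts), default=0)


def build_mbr(entries, code: bytes = bytes(TABLE_OFFSET)) -> bytes:
    """Assemble an image from (status, type, lba_start, sectors) tuples; used for the sample only."""
    table = b"".join(struct.pack("<B3xB3xII", s, t, lba, n) for s, t, lba, n in entries)
    return code[:TABLE_OFFSET].ljust(TABLE_OFFSET, b"\x00") + table.ljust(4 * ENTRY_SIZE, b"\x00") + BOOT_SIGNATURE


# Constructed sample: the three entries from the aswMBR log (sector counts are an assumption).
SAMPLE_MBR = build_mbr([
    (0x00, 0x27, 63, 20467649),          # Partition 1: hidden WinRE, 9993 MB
    (0x80, 0x07, 20467712, 163840000),   # Partition 2: active, 80000 MB
    (0x00, 0x07, 184307712, 137361408),  # Partition 3: 67071 MB
])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("problems:", layout_problems(parse_mbr(SAMPLE_MBR)) or "none")
    print("first free sector:", first_free_sector(parse_mbr(SAMPLE_MBR)))
```

With these values partition 2 ends exactly where partition 3 begins (sector 184307712) and partition 3 ends at sector 321669120, which is where the log shows aswMBR starting its "scanning sectors" pass over the unpartitioned tail. Run it against the real MBR.dat with `parse_mbr(open("MBR.dat", "rb").read())`.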

#4 Essexboy (GeekU Moderator, Retired Staff)
On completion of this, could you let me know if the disc drive activity is reduced?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
    IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
    [2010/09/02 04:09:24 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
    O2 - BHO: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\Program Files\Shareaza Applications\MediaBar\ToolBar\shdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)


    :Files
    ipconfig /flushdns /c
    C:\Program Files\Shareaza Applications
    C:\Program Files\uTorrentBar
    :Commands

    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Run Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#5 Valiant108 (Topic Starter)
Here is the log:

OTL logfile created on: 13/03/2012 11:21:30 AM - Run 5
OTL by OldTimer - Version 3.2.36.3 Folder = D:\Users\Paul Triska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 32.02% Memory free
2.76 Gb Paging File | 1.50 Gb Available in Paging File | 54.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 52.24 Gb Free Space | 66.87% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 54.96 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
Drive F: | 501.73 Mb Total Space | 501.61 Mb Free Space | 99.98% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
PRC - [2012/02/20 11:19:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/21 01:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 13:42:23 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 11:19:07 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/03 17:52:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - [2012/01/17 22:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 19:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/19 19:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/12/19 19:59:04 | 000,019,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/11/23 13:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 05:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 21:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 03:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DE-5C1879782426
IE - HKCU\..\SearchScopes\{31D5F45F-5005-4134-96F7-5E8BD763A97B}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-13 10:05:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A8FB2D5A-21DF-4B75-9805-EC351565FA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 11:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 15:28:27 | 000,000,000 | ---D | M]

[2011/04/01 00:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 10:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 00:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 20:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 22:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 20:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 10:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 11:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 11:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 11:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 11:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/13 11:03:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell - "" = AutoRun
O33 - MountPoints2\{1939dd05-94b0-11e0-9997-0022b062416d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 11:02:58 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/03/12 22:20:41 | 004,730,880 | ---- | C] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:53 | 000,594,944 | ---- | C] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/09 00:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/09 00:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/03/09 00:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/09 00:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/03/06 16:08:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Miscellaneous
[2012/03/02 15:34:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple Computer
[2012/03/01 10:56:58 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple
[2012/02/29 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/02/24 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 16:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 13:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 21:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 21:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press

========== Files - Modified Within 30 Days ==========

[2012/03/13 11:22:21 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/13 11:18:15 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/13 11:18:15 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/13 11:14:26 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 11:14:22 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 11:12:50 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/13 11:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 11:12:35 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 11:03:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/13 10:28:39 | 091,663,547 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/12 22:43:19 | 000,000,512 | ---- | M] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/12 22:20:51 | 004,730,880 | ---- | M] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/12 18:09:49 | 000,379,632 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/08 21:41:31 | 000,011,273 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:31:18 | 000,000,811 | ---- | M] () -- D:\Users\Paul Triska\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 11:20:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/29 11:20:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/29 11:20:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/27 04:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/23 13:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 12:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 04:32:56 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 13:00:41 | 000,060,304 | ---- | M] () -- D:\Users\Paul Triska\g2mdlhlpx.exe
[2012/02/14 15:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf

========== Files Created - No Company Name ==========

[2012/03/12 22:43:19 | 000,000,512 | ---- | C] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/09 00:09:42 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/06 00:24:15 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/06 00:03:41 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:20:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/23 13:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/01/10 23:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 23:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 02:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/04/07 09:30:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/04/07 09:30:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/04/07 09:30:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/01/24 02:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 22:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:18:52 | 000,011,273 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 17:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 17:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 17:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 17:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 17:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 17:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 17:16:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/04 23:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 22:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 22:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 23:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 23:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 21:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 01:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 22:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 05:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/13 00:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/28 00:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 02:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2011/11/25 00:40:46 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\uTorrent
[2012/03/13 11:12:50 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/13 11:10:59 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


I am now running the scan suggested.
Regards
Paul

#6
Valiant108

    Member

  • Topic Starter
  • Member
  • 28 posts
Farbar Service Scanner Version: 01-03-2012
Ran by Paul Triska (administrator) on 13-03-2012 at 11:37:43
Running from "D:\Users\Paul Triska\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
Attention! D:\Program Files\Windows Defender\MpSvc.dll is missing.
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

That was a fast scan.
What is the nature of the repairs done?
Regards
Paul

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Farbar was just scanning the security registry and files for me, to confirm that they are OK, which they are.

What are the main problems you are currently experiencing?

#8
Valiant108

    Member

  • Topic Starter
  • Member
  • 28 posts
What I'm experiencing is high memory usage, LUpdate did not work, I regularly lose the links between MS Word and the files and need to manually reestablish them, and it takes a long time, as much as 15 minutes, to attach a Word document (10-15Kb) to a gmail, Mozilla browser email.

I was told to ask: my default antivirus is AVG, however I still have traces of Malwarebytes and also I recently installed COMODO Security software on my PC (30 day trial) which I cannot uninstall. Finally, I uninstalled Simply Accounting over a year ago and while it does not show on my Programs list I saw it appear on the scan, so I do not know how to delete the remaining traces of it. At one time I also had Norton Security but I believe I uninstalled it over a year ago.
Regards
Paul

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, LUpdate is a part of Norton antivirus.

Download the Norton removal tool and run it.

Comodo does not appear to have an uninstaller and, according to their forum, is a bit of a nightmare to remove if it does not go properly.

I will see what else I can find on that

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#10
Valiant108

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi, here is the combofix log:

ComboFix 12-03-13.01 - Paul Triska 13/03/2012 22:06:01.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1279.410 [GMT -4:00]
Running from: d:\users\Paul Triska\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
d:\users\Paul Triska\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-13 15:02 . 2012-03-13 15:02 -------- d-----w- C:\VritualRoot
2012-03-09 04:12 . 2012-03-09 04:18 -------- d-----w- c:\programdata\CPA_VA
2012-03-09 04:09 . 2012-03-14 01:51 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-03-09 04:00 . 2012-03-09 04:12 -------- d-----w- c:\programdata\Comodo
2012-03-09 04:00 . 2012-03-09 04:19 -------- d-----w- c:\program files\Comodo
2012-03-09 04:00 . 2012-03-09 04:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-09 04:00 . 2012-03-09 04:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-09 04:00 . 2012-03-09 04:00 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-02 19:34 . 2012-03-02 19:34 -------- d-----w- d:\users\Paul Triska\AppData\Local\Apple Computer
2012-03-01 14:56 . 2012-03-01 14:56 -------- d-----w- d:\users\Paul Triska\AppData\Local\Apple
2012-02-29 15:19 . 2012-02-29 15:19 386560 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-02-29 15:19 . 2012-02-29 15:19 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe
2012-02-29 15:19 . 2012-02-29 15:19 149504 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll
2012-02-29 15:03 . 2012-03-01 01:38 -------- d-----w- c:\programdata\iolo
2012-02-24 20:03 . 2012-02-24 20:03 -------- d-----w- d:\users\Paul Triska\AppData\Local\Adobe
2012-02-22 17:47 . 2012-02-22 17:47 -------- d-----w- c:\program files\Common Files\Java
2012-02-22 17:41 . 2012-02-22 17:41 -------- d-----w- c:\programdata\McAfee
2012-02-15 15:01 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:01 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 15:01 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 17:46 . 2010-12-05 23:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-22 17:42 . 2011-05-17 17:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 02:00 . 2012-01-18 02:00 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-20 15:19 . 2011-10-02 02:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...de418e30281753" [?]
.
d:\users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2011-12-21 05:41 6676808 ----a-w- c:\program files\Comodo\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-07-27 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - d:\users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en-GB
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd2a9ef&v=7.005.030.004&i=26&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-Shareaza 3 MediaBar - c:\program files\Shareaza Applications\MediaBar\uninstall.exe
AddRemove-uTorrentBar Toolbar - c:\program files\uTorrentBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 22:13
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\guard32.dll
.
Completion time: 2012-03-13 22:18:43
ComboFix-quarantined-files.txt 2012-03-14 02:18
.
Pre-Run: 55,783,575,552 bytes free
Post-Run: 55,602,696,192 bytes free
.
- - End Of File - - F1DEB23B68382F5CE3D73A90BD720B28

What's it all mean?
Regards
P

#11
Valiant108

    Member

  • Topic Starter
  • Member
  • 28 posts
Yo Essex,

Just after midnight a lot of drive activity started up. Task manager shows activity in avgtray, dwm, apparently I have 147,000 KB in firefox.exe, csrss.exe had activity and explorer.exe was opened as well. Yet AVG shows it's not running updates or scans and there are no indications other than the hard drive light on that anything is being updated. I have up to 75% CPU usage, now 85%, and 70% of memory is being taken up after running for half an hour. Now I see that 100% of the CPU is being used. By the way, I still get a window opening that advises me that LUpdate is not working.
Regards
Paul

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

OK, let's try to clear this.

First download and install Revo Uninstaller Free.

From the Comodo control panel, disable Defense+.

Use this to uninstall Comodo.

Then download the Comodo uninstaller from here and run it as administrator.

On completion, could you run a fresh OTL scan for me please, selecting all users, and I will remove the residue.

#13
Valiant108

    Member

  • Topic Starter
  • Member
  • 28 posts
OTL logfile created on: 14/03/2012 11:18:28 AM - Run 6
OTL by OldTimer - Version 3.2.36.3 Folder = D:\Users\Paul Triska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 30.48% Memory free
2.76 Gb Paging File | 1.60 Gb Available in Paging File | 57.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 50.92 Gb Free Space | 65.17% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 54.81 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
Drive F: | 501.73 Mb Total Space | 501.61 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive K: | 3.74 Gb Total Space | 3.40 Gb Free Space | 91.00% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
PRC - [2012/02/20 11:19:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 13:42:23 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 11:19:07 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/11/23 13:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 05:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 21:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 03:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DE-5C1879782426
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{31D5F45F-5005-4134-96F7-5E8BD763A97B}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-13 10:05:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{A8FB2D5A-21DF-4B75-9805-EC351565FA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 11:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 15:28:27 | 000,000,000 | ---D | M]

[2011/04/01 00:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 10:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 00:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 20:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 22:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 20:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/03/13 22:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 10:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 11:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 11:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 11:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 11:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/13 22:13:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\Windows\System32\guard32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 10:54:52 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Uninstaller Tool(Comodo Forums)
[2012/03/14 10:17:44 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\VS Revo Group
[2012/03/14 10:17:30 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/03/14 10:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/03/14 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/14 10:14:02 | 007,895,528 | ---- | C] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/13 22:18:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\temp
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/13 22:03:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/13 22:03:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/13 22:03:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/13 22:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/13 21:59:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/13 21:57:19 | 004,434,769 | R--- | C] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/12 22:20:41 | 004,730,880 | ---- | C] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:53 | 000,594,944 | ---- | C] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/09 00:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/06 16:08:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Miscellaneous
[2012/03/02 15:34:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple Computer
[2012/03/01 10:56:58 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple
[2012/02/29 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/02/24 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 16:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 13:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 21:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 21:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press

========== Files - Modified Within 30 Days ==========

[2012/03/14 11:20:37 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/14 11:20:37 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/14 11:15:15 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 11:15:15 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 11:14:53 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/14 11:14:22 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 11:14:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 11:13:21 | 1339,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 10:14:12 | 007,895,528 | ---- | M] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/14 09:32:45 | 091,761,561 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/13 22:13:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/13 21:57:39 | 004,434,769 | R--- | M] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/13 21:51:48 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/13 21:34:49 | 000,920,096 | ---- | M] () -- D:\Users\Paul Triska\Desktop\Norton_Removal_Tool.exe
[2012/03/13 18:07:30 | 000,379,724 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/13 11:36:55 | 000,337,137 | ---- | M] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | M] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/12 22:20:51 | 004,730,880 | ---- | M] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/08 21:41:31 | 000,011,273 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:31:18 | 000,000,811 | ---- | M] () -- D:\Users\Paul Triska\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 11:20:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/29 11:20:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/29 11:20:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/27 04:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/23 13:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 12:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf

========== Files Created - No Company Name ==========

[2012/03/13 22:03:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/13 22:03:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/13 22:03:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/13 22:03:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/13 22:03:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/13 21:34:47 | 000,920,096 | ---- | C] () -- D:\Users\Paul Triska\Desktop\Norton_Removal_Tool.exe
[2012/03/13 11:36:51 | 000,337,137 | ---- | C] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | C] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/09 00:09:42 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/06 00:24:15 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/06 00:03:41 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:20:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/23 13:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/01/10 23:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 23:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 02:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/04/07 09:30:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/04/07 09:30:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/04/07 09:30:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/01/24 02:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 22:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:18:52 | 000,011,273 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 17:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 17:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 17:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 17:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 17:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 17:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 17:16:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/04 23:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 22:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 22:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 23:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 23:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 21:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 01:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 22:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 05:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/13 00:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/28 00:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 02:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2012/03/14 10:54:57 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Uninstaller Tool(Comodo Forums)
[2011/11/25 00:40:46 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\uTorrent
[2012/03/14 11:14:53 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/14 11:07:25 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


I can't really notice any great improvement. The "LUpdate is not working" message continues to come up on reboot; the speed of loading my regular programs is a little better. Maybe going forward the differences will become more pronounced.
Regards,
P
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like most of Comodo has gone. After this run I will search for LUpdate, as I cannot see it in the logs.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}: "URL" = http://search.sharea...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    O20 - AppInit_DLLs: (c:\Windows\System32\guard32.dll) - File not found
    [2012/03/14 10:54:52 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Uninstaller Tool(Comodo Forums)
    [2012/03/13 21:34:49 | 000,920,096 | ---- | M] () -- D:\Users\Paul Triska\Desktop\Norton_Removal_Tool.exe
    [2012/03/14 10:54:57 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Uninstaller Tool(Comodo Forums)
    [2011/11/25 00:40:46 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\uTorrent

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind 
    norton
    symantec
    lupdate
    
    :regfind
    lupdate
    norton
    symantec

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
  • 0
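Added example (not part of the thread, and not OTL's or SystemLook's own code): a small Python triage script for OTL log lines of the kind posted above. It parses the `[timestamp | size | attrs | M/C] (Company) -- path` file entries and the O1 / O4 / O20 registry lines, and reports the things a helper scans for by eye before writing a fix: "File not found" references (such as the guard32.dll AppInit_DLLs entry the fix above removes), autorun entries with no company name, hosts-file lines other than localhost, and files under C:\Windows with no company name. The sample lines are copied from the OTL log earlier in this thread; the flag categories and the C:\Windows filter are my own choices, not OTL's.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# File entry as OTL prints it, optionally prefixed by a section tag (PRC/SRV/DRV/MOD):
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company) [svc flags] -- path -- (svc name)
FILE_RE = re.compile(
    r"^(?:(?:DRV|PRC|SRV|MOD) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"      # absent on bare directory entries
    r"(?: \[[^\]]*\])?"                   # [Kernel | On_Demand | Running] on service lines
    r" -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# O4 - HKLM..\Run: [Name] path (Company)
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O1 - Hosts: <address> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>.+)$")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str                 # e.g. "---D" directory, "-HS-" hidden + system
    company: Optional[str]     # None when OTL printed no company field, "" for "()"
    path: str


def normalize_path(path: str) -> str:
    # Strip the NT object prefix OTL shows for some processes, e.g. \\?\C:\Windows\...
    return path[4:] if path.startswith("\\\\?\\") else path


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/process/service entry; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    company = m["company"]
    return FileEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=company.strip() if company is not None else None,
        path=normalize_path(m["path"]),
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for the lines a reviewer would look at first."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if "File not found" in line:                      # dangling driver/AppInit reference
            findings.append(("file-not-found", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if m["company"].strip() == "":                # autorun binary with no version info
                findings.append(("autorun-no-company", m["path"]))
            continue
        m = HOSTS_RE.match(line)
        if m:
            host = m["host"].strip()
            if not (host.lower() == "localhost" and m["addr"] in ("127.0.0.1", "::1")):
                findings.append(("hosts-entry", f"{m['addr']} {host}"))
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        is_dir = entry.attrs.endswith("D")
        in_windows = entry.path.lower().startswith("c:\\windows")
        if entry.company == "" and in_windows and not is_dir:
            findings.append(("no-company-system-file", entry.path))
    return findings


# Sample input: lines copied from the OTL log earlier in this thread.
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()",
    r"O20 - AppInit_DLLs: (c:\Windows\System32\guard32.dll) - File not found",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)",
    r"PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE",
    r"[2012/03/13 22:03:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe",
    r"[2012/03/14 11:13:21 | 1339,658,240 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2012/03/13 22:03:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2012/03/14 10:54:52 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Uninstaller Tool(Comodo Forums)",
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:24} {detail}")
```

On the sample above the script flags the two "File not found" lines, the Samsung PanelMgr autorun entry with an empty company field, and the two C:\Windows files with no company name (WMIADAP.EXE and PEV.exe); NIRCMD.exe has a company, hiberfil.sys sits outside C:\Windows, and the Comodo Forums directory has no company field at all, so none of those is reported. A flag is a prompt to look, not a verdict: PEV.exe and NIRCMD.exe here were dropped by ComboFix itself, which is exactly why a helper reads the fix history alongside the log.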

#15
Valiant108

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here is the OTL log, followed by SystemLook

OTL logfile created on: 14/03/2012 4:43:57 PM - Run 7
OTL by OldTimer - Version 3.2.36.3 Folder = D:\Users\Paul Triska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 50.69% Memory free
2.76 Gb Paging File | 1.93 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 50.84 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 54.85 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive F: | 501.73 Mb Total Space | 501.61 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive K: | 3.74 Gb Total Space | 3.40 Gb Free Space | 91.00% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/11/23 13:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 05:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 21:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 03:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DE-5C1879782426
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{31D5F45F-5005-4134-96F7-5E8BD763A97B}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-13 10:05:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{A8FB2D5A-21DF-4B75-9805-EC351565FA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 11:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 15:28:27 | 000,000,000 | ---D | M]

[2011/04/01 00:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 10:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 00:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 20:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 22:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 20:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/03/13 22:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 10:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 11:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 11:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 11:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 11:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/13 22:13:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 10:17:44 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\VS Revo Group
[2012/03/14 10:17:30 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/03/14 10:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/03/14 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/14 10:14:02 | 007,895,528 | ---- | C] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/13 22:18:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\temp
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/13 22:03:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/13 22:03:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/13 22:03:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/13 22:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/13 21:59:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/13 21:57:19 | 004,434,769 | R--- | C] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/12 22:20:41 | 004,730,880 | ---- | C] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:53 | 000,594,944 | ---- | C] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/09 00:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/06 16:08:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Miscellaneous
[2012/03/02 15:34:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple Computer
[2012/03/01 10:56:58 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple
[2012/02/29 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/02/24 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 16:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 13:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 21:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 21:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press

========== Files - Modified Within 30 Days ==========

[2012/03/14 16:44:00 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/14 16:44:00 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/14 16:37:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 16:37:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 16:36:59 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/14 16:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 16:36:44 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 11:14:22 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 10:14:12 | 007,895,528 | ---- | M] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/14 09:32:45 | 091,761,561 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/13 22:13:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/13 21:57:39 | 004,434,769 | R--- | M] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/13 21:51:48 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/13 18:07:30 | 000,379,724 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/13 11:36:55 | 000,337,137 | ---- | M] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | M] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/12 22:20:51 | 004,730,880 | ---- | M] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/08 21:41:31 | 000,011,273 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:31:18 | 000,000,811 | ---- | M] () -- D:\Users\Paul Triska\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 11:20:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/29 11:20:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/29 11:20:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/27 04:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/23 13:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 12:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf

========== Files Created - No Company Name ==========

[2012/03/13 22:03:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/13 22:03:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/13 22:03:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/13 22:03:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/13 22:03:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/13 11:36:51 | 000,337,137 | ---- | C] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | C] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/09 00:09:42 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/06 00:24:15 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/06 00:03:41 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:20:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/23 13:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/01/10 23:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 23:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 02:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/04/07 09:30:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/04/07 09:30:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/04/07 09:30:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/01/24 02:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 22:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:18:52 | 000,011,273 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 17:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 17:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 17:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 17:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 17:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 17:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 17:16:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/04 23:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 22:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 22:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 23:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 23:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 21:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 01:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 22:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 05:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/13 00:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/28 00:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 02:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2012/03/14 16:36:59 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/14 16:35:25 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



XXXXXXXXXXXXXXXXXXXXXXX

OTL logfile created on: 14/03/2012 4:43:57 PM - Run 7
OTL by OldTimer - Version 3.2.36.3 Folder = D:\Users\Paul Triska\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 50.69% Memory free
2.76 Gb Paging File | 1.93 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 50.84 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive D: | 65.50 Gb Total Space | 54.85 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive F: | 501.73 Mb Total Space | 501.61 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive K: | 3.74 Gb Total Space | 3.40 Gb Free Space | 91.00% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul Triska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/14 06:03:06 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/27 03:46:57 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/11/23 13:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/11 05:33:51 | 001,217,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/10 21:48:20 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/02/06 03:04:55 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 30 FF 42 D2 94 CB 01 [binary data]
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes,DefaultScope = {71C63272-91A7-436a-843D-A1C641D1C626}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DE-5C1879782426
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{31D5F45F-5005-4134-96F7-5E8BD763A97B}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-13 10:05:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\..\SearchScopes\{A8FB2D5A-21DF-4B75-9805-EC351565FA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.c...che=2&hl=en-GB"
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 11:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 15:28:27 | 000,000,000 | ---D | M]

[2011/04/01 00:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions
[2012/01/25 10:23:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 00:18:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/02 20:29:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/02/19 17:49:49 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\extensions\[email protected]
[2011/11/02 22:28:39 | 000,003,700 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\avg-secure-search.xml
[2012/01/02 20:29:53 | 000,003,915 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\Mozilla\Firefox\Profiles\agdw8zja.default\searchplugins\sweetim.xml
[2012/03/13 22:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 13:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 10:12:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/20 11:19:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:46:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:19:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 11:19:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:19:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 11:19:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 11:19:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/03/13 22:13:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1713625300-749561461-3066383747-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7313B9C5-C02A-4D34-AB7E-6E95B1ECA34E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB21E204-3C56-4450-B427-6744F6FC44BC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 10:17:44 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\VS Revo Group
[2012/03/14 10:17:30 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/03/14 10:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/03/14 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/14 10:14:02 | 007,895,528 | ---- | C] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/13 22:18:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\temp
[2012/03/13 22:18:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/13 22:03:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/13 22:03:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/13 22:03:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/13 22:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/13 21:59:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/13 21:57:19 | 004,434,769 | R--- | C] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/12 22:20:41 | 004,730,880 | ---- | C] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:53 | 000,594,944 | ---- | C] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/09 00:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/06 16:08:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Desktop\Miscellaneous
[2012/03/02 15:34:46 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple Computer
[2012/03/01 10:56:58 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Apple
[2012/02/29 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/02/24 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/02/24 16:03:04 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Local\Adobe
[2012/02/22 13:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/22 13:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/20 21:20:03 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press
[2012/02/20 21:20:02 | 000,000,000 | ---D | C] -- D:\Users\Paul Triska\Documents\Microsoft Press

========== Files - Modified Within 30 Days ==========

[2012/03/14 16:44:00 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/14 16:44:00 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/14 16:37:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 16:37:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 16:36:59 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/03/14 16:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 16:36:44 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 11:14:22 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 10:14:12 | 007,895,528 | ---- | M] (VS Revo Group ) -- D:\Users\Paul Triska\Desktop\RevoUninProSetup.exe
[2012/03/14 09:32:45 | 091,761,561 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/13 22:13:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/13 21:57:39 | 004,434,769 | R--- | M] (Swearware) -- D:\Users\Paul Triska\Desktop\ComboFix.exe
[2012/03/13 21:51:48 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/13 18:07:30 | 000,379,724 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/13 11:36:55 | 000,337,137 | ---- | M] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | M] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/12 22:20:51 | 004,730,880 | ---- | M] (AVAST Software) -- D:\Users\Paul Triska\Desktop\aswMBR.exe
[2012/03/12 19:53:57 | 000,594,944 | ---- | M] (OldTimer Tools) -- D:\Users\Paul Triska\Desktop\OTL.exe
[2012/03/08 21:41:31 | 000,011,273 | ---- | M] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/07 01:20:38 | 000,049,152 | ---- | M] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:31:18 | 000,000,811 | ---- | M] () -- D:\Users\Paul Triska\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 11:20:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/29 11:20:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/29 11:20:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/27 04:46:56 | 000,000,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2012/02/23 13:20:44 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/02/23 12:33:56 | 000,007,680 | ---- | M] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | M] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf

========== Files Created - No Company Name ==========

[2012/03/13 22:03:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/13 22:03:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/13 22:03:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/13 22:03:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/13 22:03:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/13 11:36:51 | 000,337,137 | ---- | C] () -- D:\Users\Paul Triska\Desktop\FSS.exe
[2012/03/12 22:43:19 | 000,000,512 | ---- | C] () -- D:\Users\Paul Triska\Desktop\MBR.dat
[2012/03/09 00:09:42 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/03/06 00:24:15 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t.backup
[2012/03/06 00:03:41 | 000,049,152 | ---- | C] () -- D:\Users\Paul Triska\Documents\PaulTriska.11t
[2012/02/29 11:20:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/23 13:20:25 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/14 15:21:29 | 000,328,633 | ---- | C] () -- D:\Users\Paul Triska\Desktop\DipoOlaEnvelopeNote02132012.pdf
[2012/01/10 23:14:04 | 003,730,356 | ---- | C] () -- C:\ProgramData\SamPCFax000013980001
[2011/11/01 23:54:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/17 02:08:21 | 000,000,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\d3d9caps.dat
[2011/04/07 09:30:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/04/07 09:30:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/04/07 09:30:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/01/24 02:44:05 | 000,000,000 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\prvlcl.dat
[2011/01/03 22:55:39 | 000,007,680 | ---- | C] () -- D:\Users\Paul Triska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:18:52 | 000,011,273 | ---- | C] () -- D:\Users\Paul Triska\AppData\Roaming\SmarThruOptions.xml
[2010/12/27 17:18:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/27 17:18:38 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/12/27 17:18:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010/12/27 17:17:47 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/12/27 17:17:42 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010/12/27 17:16:55 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2010/12/27 17:16:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010/12/04 23:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/04 22:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 22:35:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

========== LOP Check ==========

[2011/12/02 23:57:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG
[2011/11/02 23:11:45 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\AVG2012
[2011/08/01 21:10:11 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Blackberry Desktop
[2011/11/28 01:03:08 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\ConsumerSoft
[2011/11/30 22:16:13 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\EuroTalk
[2011/02/07 05:16:47 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\GlarySoft
[2011/05/13 00:40:53 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\gtk-2.0
[2011/11/28 00:51:09 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\PC Cleaners
[2011/01/12 02:01:32 | 000,000,000 | ---D | M] -- D:\Users\Paul Triska\AppData\Roaming\Research In Motion
[2012/03/14 16:36:59 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/14 16:35:25 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Regards
Paul