Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

screensaver and power settings suddenly not working [Solved]

Started by arwier , May 15 2012 09:46 PM

  • This topic is locked This topic is locked

#1
arwier
Posted 15 May 2012 - 09:46 PM

arwier

    Member

  • Member
  • PipPip
  • 78 posts
My computer has been a little slow for some time now in my opinion but as of about a week ago I noticed my screensaver never starts and it doesn't shut down the monitor as it is supposed to I have tried changing screensavers and reapplying the power settings but to no avail if you could see what the problem might be I would greatly appreciate it and thank you in advance

here is my otl log

OTL logfile created on: 5/15/2012 9:56:29 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Art\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 50.36% Memory free
3.60 Gb Paging File | 2.98 Gb Available in Paging File | 82.76% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.45 Gb Total Space | 27.73 Gb Free Space | 41.11% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 1.84 Gb Free Space | 30.69% Space Free | Partition Type: NTFS
Drive F: | 0.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARTS | User Name: Art | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 21:55:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/22 12:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 12:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/10/29 16:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 14:12:02 | 001,759,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051501\algo.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 22:11:05 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/11/09 22:10:54 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vididr.sys -- (vididr)
DRV - [2011/11/09 22:10:37 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2011/11/09 22:10:27 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)
DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=AVB3DF&pc=AVBR
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...260142657588155
IE - HKCU\..\SearchScopes\{DDC8D966-465C-2856-0BFE-6F4974176253}: "URL" = http://www.bing.com/...030&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 10:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 14:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions
[2012/05/08 03:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions
[2012/05/08 03:34:38 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
[2011/11/13 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...260142657588155
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Splendid = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

O1 HOSTS File: ([2011/10/09 22:49:17 | 000,000,352 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.200 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.200 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 04:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\HU2011
[2012/05/08 03:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/05/08 03:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\visi_coupon
[2012/05/08 03:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\WeatherBug
[2012/05/08 03:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2012/05/08 03:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\WeatherBug
[2012/05/08 03:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/05/08 03:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/05/05 14:31:46 | 000,000,000 | ---D | C] -- C:\Downloads

========== Files - Modified Within 30 Days ==========

[2012/05/15 22:05:18 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job
[2012/05/15 21:55:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2012/05/15 21:47:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/15 21:38:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/15 07:56:26 | 000,000,982 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/15 06:38:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 04:35:19 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/05/15 04:35:06 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/15 04:32:23 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/15 04:30:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/15 04:30:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-Art-Startup.job
[2012/05/15 04:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/15 04:30:08 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 04:05:30 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/14 19:39:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 20:45:27 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/05/11 22:02:37 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk
[2012/05/11 20:48:05 | 000,005,169 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | M] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/09 04:57:00 | 000,611,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 04:26:29 | 000,506,604 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 04:26:29 | 000,094,866 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 04:21:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 03:46:12 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Freecell.lnk
[2012/05/08 03:35:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:54:37 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Art\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/05 14:54:37 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/04/19 19:16:40 | 000,017,354 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\3 wheeler pats list.ods

========== Files Created - No Company Name ==========

[2012/05/11 20:48:05 | 000,005,169 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | C] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/10 11:37:05 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\BitPim.lnk
[2012/05/08 03:43:51 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/08 03:35:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:32:15 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/04/19 14:28:51 | 000,017,354 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\3 wheeler pats list.ods
[2012/02/15 19:31:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 15:00:48 | 004,346,880 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/01/07 17:22:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/01/07 17:21:50 | 006,366,094 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2012/01/07 17:21:50 | 001,007,151 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2012/01/07 17:21:50 | 000,354,979 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/01/07 17:21:50 | 000,203,306 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/01/07 17:21:50 | 000,138,727 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/20 13:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/20 13:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/12/20 13:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/12/20 13:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/12/20 13:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/12/20 13:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/12/20 13:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/12/20 13:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/12/20 13:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/12/20 13:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/12/18 18:40:18 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/11/06 17:15:42 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2011/10/01 23:54:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 12:08:09 | 000,013,379 | ---- | C] () -- C:\Program Files\QUICKENW.QIF
[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL
[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini
[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini
[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini
[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/09 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/09/30 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/16 06:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2012/03/30 01:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222
[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/10/02 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/05/11 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/11/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/08 03:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2012/04/06 09:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/10/09 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2011/10/09 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/16 06:32:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}
[2011/11/09 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Acronis
[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI
[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics
[2011/11/10 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Awem
[2012/01/08 08:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\ElevatedDiagnostics
[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder
[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner
[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo
[2011/10/23 10:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GlarySoft
[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2012/05/08 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\HU2011
[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express
[2011/11/06 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Intermedia Software
[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo
[2011/09/27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar
[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org
[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera
[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache
[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF
[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific
[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group
[2012/05/08 03:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots
[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search
[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search
[2012/05/15 04:05:30 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/15 04:32:23 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/15 04:30:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
[2012/05/15 22:05:18 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job
[2012/05/15 04:30:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-Art-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6511340FFA8A30C3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992

< End of report >
  • 0

Advertisements

#2
arwier
Posted 15 May 2012 - 09:54 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I also remember I did try downloading and running a game which as part of the install it installed weatherbug and some shopping programs which I imediatly uninstalled as best I could exept the weatherbug I uninstalled the game as well it was a deer hunting game and I don't remember the name of it
  • 0

#3
Crowbar
Posted 17 May 2012 - 06:14 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello arwier and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Sorry about the delay, I just happened to notice you replied to your own topic, as we mostly look for zero replies to posts.
I would like you to run another set of scans for me and I will work up a fix, I do see some adware on your computer after a quick look at your OTL log.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • OTL log - there won't be a new extras.txt, but you can also post the original one, it should be on your desktop
  • aswMBR log

  • 0

#4
arwier
Posted 17 May 2012 - 11:08 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
thank you for replying and no problem with any delays there may be I ran the scans you asked for but olt has not given me the extras.txt file either time but here is two of the logs you asked for

OTL logfile created on: 5/17/2012 7:19:12 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Art\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 53.70% Memory free
3.60 Gb Paging File | 3.07 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.45 Gb Total Space | 27.57 Gb Free Space | 40.87% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 1.84 Gb Free Space | 30.69% Space Free | Partition Type: NTFS
Drive F: | 0.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARTS | User Name: Art | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/17 07:18:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/22 12:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 12:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/10/29 16:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/08 13:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 14:46:16 | 001,759,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051601\algo.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 22:11:05 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/11/09 22:10:54 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vididr.sys -- (vididr)
DRV - [2011/11/09 22:10:37 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2011/11/09 22:10:27 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)
DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKU\S-1-5-19\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKU\S-1-5-20\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=AVB3DF&pc=AVBR
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...&q={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...260142657588155
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{DDC8D966-465C-2856-0BFE-6F4974176253}: "URL" = http://www.bing.com/...030&form=ZGAIDF
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 10:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 14:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions
[2012/05/08 03:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions
[2012/05/08 03:34:38 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
[2011/11/13 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...260142657588155
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Splendid = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

O1 HOSTS File: ([2011/10/09 22:49:17 | 000,000,352 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1164634.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.200 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.200 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WZCSVC"
MsConfig - Services: "VSS"
MsConfig - Services: "UPS"
MsConfig - Services: "srservice"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "ERSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "WSearch"
MsConfig - Services: "TrkWks"
MsConfig - Services: "SwPrv"
MsConfig - Services: "stisvc"
MsConfig - Services: "seclogon"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "Dot3svc"
MsConfig - Services: "CiSvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: HLBackupScheduler - hkey= - key= - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 04:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\HU2011
[2012/05/08 03:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/05/08 03:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\visi_coupon
[2012/05/08 03:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\WeatherBug
[2012/05/08 03:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2012/05/08 03:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\WeatherBug
[2012/05/08 03:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/05/08 03:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/05/05 14:31:46 | 000,000,000 | ---D | C] -- C:\Downloads

========== Files - Modified Within 30 Days ==========

[2012/05/17 07:18:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2012/05/17 07:03:24 | 000,000,982 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/17 06:38:01 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 06:38:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/17 04:04:36 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/17 03:20:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job
[2012/05/16 21:41:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/16 12:33:48 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk
[2012/05/15 04:35:19 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/05/15 04:35:06 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/15 04:32:23 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/15 04:30:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/15 04:30:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-Art-Startup.job
[2012/05/15 04:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/15 04:30:08 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 19:39:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 20:45:27 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/05/11 20:48:05 | 000,005,169 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | M] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/09 04:57:00 | 000,611,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 04:26:29 | 000,506,604 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 04:26:29 | 000,094,866 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 04:21:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 03:46:12 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Freecell.lnk
[2012/05/08 03:35:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:54:37 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Art\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/05 14:54:37 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/04/19 19:16:40 | 000,017,354 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\3 wheeler pats list.ods

========== Files Created - No Company Name ==========

[2012/05/11 20:48:05 | 000,005,169 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | C] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/10 11:37:05 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\BitPim.lnk
[2012/05/08 03:43:51 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/08 03:35:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:32:15 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/04/19 14:28:51 | 000,017,354 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\3 wheeler pats list.ods
[2012/02/15 19:31:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 15:00:48 | 004,346,880 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/01/07 17:22:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/01/07 17:21:50 | 006,366,094 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2012/01/07 17:21:50 | 001,007,151 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2012/01/07 17:21:50 | 000,354,979 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/01/07 17:21:50 | 000,203,306 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/01/07 17:21:50 | 000,138,727 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/20 13:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/20 13:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/12/20 13:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/12/20 13:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/12/20 13:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/12/20 13:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/12/20 13:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/12/20 13:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/12/20 13:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/12/20 13:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/12/18 18:40:18 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/11/06 17:15:42 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2011/10/01 23:54:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 12:08:09 | 000,013,379 | ---- | C] () -- C:\Program Files\QUICKENW.QIF
[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL
[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini
[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini
[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini
[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2010/06/12 20:44:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/09/24 16:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/09/24 16:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2011/09/19 05:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/09/19 05:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/11/09 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/09/30 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/16 06:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2012/03/30 01:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222
[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/10/02 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/05/11 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/11/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/08 03:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2012/04/06 09:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/10/09 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2011/10/09 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/16 06:32:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}
[2011/11/09 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Acronis
[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI
[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics
[2011/11/10 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Awem
[2012/01/08 08:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\ElevatedDiagnostics
[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder
[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner
[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo
[2011/10/23 10:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GlarySoft
[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2012/05/08 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\HU2011
[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express
[2011/11/06 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Intermedia Software
[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo
[2011/09/27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar
[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org
[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera
[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache
[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF
[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific
[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group
[2012/05/08 03:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots
[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search
[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search
[2010/04/06 08:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/09/09 06:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/05/17 04:04:36 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/15 04:32:23 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/15 04:30:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
[2012/05/17 03:20:10 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job
[2012/05/15 04:30:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-Art-Startup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
"EnableProxy" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BCEF58F1-678B-4CF3-81B1-42C9041073AF}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}]
"NameServerList" = [binary data]
"NetbiosOptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1107D55-F085-4820-81B9-4EF15C564736}]
"NameServerList" = [binary data]
"RASFlags" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FA682C52-60A2-46E2-9E1C-4893C61441AB}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 04 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/03/19 17:45:12 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2004/03/19 17:39:54 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/05 01:53:18 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2004/03/19 17:39:54 | 000,094,208 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: ARTS
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E CD-ROM 0 B
Volume 1 F LABELS CDFS DVD-ROM 1024 KB
Volume 2 C NTFS Partition 67 GB Healthy System
Volume 3 D Music + NTFS Partition 6142 MB Healthy

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6511340FFA8A30C3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 07:49:28
-----------------------------
07:49:28.765 OS Version: Windows 5.1.2600 Service Pack 3
07:49:28.765 Number of processors: 1 586 0x209
07:49:28.765 ComputerName: ARTS UserName: Art
07:49:29.234 Initialize success
07:49:29.578 AVAST engine defs: 12051601
07:49:44.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
07:49:44.015 Disk 0 Vendor: WDC_WD800BB-55JKC0 05.01C05 Size: 76319MB BusType: 3
07:49:44.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
07:49:44.015 Disk 1 Vendor: ST36423A 3.05 Size: 6149MB BusType: 3
07:49:44.062 Disk 0 MBR read successfully
07:49:44.062 Disk 0 MBR scan
07:49:44.062 Disk 0 unknown MBR code
07:49:44.078 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 78 MB offset 63
07:49:44.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 69068 MB offset 160650
07:49:44.125 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 7169 MB offset 141612975
07:49:44.140 Disk 0 scanning sectors +156296385
07:49:44.250 Disk 0 scanning C:\WINDOWS\system32\drivers
07:50:14.156 Service scanning
07:50:49.546 Modules scanning
07:51:17.015 Disk 0 trace - called modules:
07:51:17.046 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:51:17.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2c3ab8]
07:51:17.062 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a29d9e0]
07:51:17.078 5 vsflt53.sys[f74efc2b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a2c4d98]
07:51:17.625 AVAST engine scan C:\WINDOWS
07:51:48.453 AVAST engine scan C:\WINDOWS\system32
07:57:11.968 AVAST engine scan C:\WINDOWS\system32\drivers
07:57:59.937 AVAST engine scan C:\Documents and Settings\Art
08:09:13.953 AVAST engine scan C:\Documents and Settings\All Users
08:10:34.578 Scan finished successfully
11:57:48.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Art\Desktop\MBR.dat"
11:57:48.359 The log file has been saved successfully to "C:\Documents and Settings\Art\Desktop\aswMBR.txt"
  • 0

#5
Crowbar
Posted 19 May 2012 - 09:13 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello arwier,
I do see some adware in your logs and will remove it.

I would love to see the extras.txt file, and it should be right on your desktop. If it's not there I can have you generate a new one.

I see you have at least one P2P (Peer to Peer) programs, I must warn you that the files you download

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • Bearshare
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

I also see that you have used a few registry cleaners / optimizers. These type programs will at best do nothing, and at worst can break Windows to the point of it not booting. I advise you to refrain from using these type of programs on your computer.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-19\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-20\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....&q={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...&q={searchTerms}
IE - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...260142657588155
[2012/05/08 03:34:38 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...260142657588155
O3 - HKU\S-1-5-21-1341004652-1547256042-501489391-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012/05/08 03:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/10/09 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2012/05/15 04:30:46 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-Art-Startup.job
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6511340FFA8A30C3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:307AA992

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply I would like to see:
  • OTL fix log
  • Extras.txt file contents if you can locate it
  • New OTL log
  • Malwarebytes log
  • ESET online scan log

  • 0

#6
arwier
Posted 21 May 2012 - 07:18 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I apologise for the delay in responding but my internet connection went down inbetween when I started the last steps and when I finished them it should be up again today and I will post the logs as soon as it is thank you for your patience also olt never gave me the extras text anytime I have run it
  • 0

#7
Crowbar
Posted 21 May 2012 - 10:31 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
No problem, take your time. I will be here when you are ready to continue. If you topic happens to get closed, just PM me and I will have it re-opened. Don't worry about the Extras.txt file.
  • 0

#8
arwier
Posted 23 May 2012 - 08:17 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OTL logfile created on: 5/19/2012 4:11:05 PM - Run 4
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Art\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.46% Memory free
3.60 Gb Paging File | 3.16 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): C:\pagefile.sys 2301 2301 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.45 Gb Total Space | 29.28 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
Drive D: | 6.00 Gb Total Space | 1.84 Gb Free Space | 30.69% Space Free | Partition Type: NTFS
Drive F: | 0.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 18.06 Gb Total Space | 14.35 Gb Free Space | 79.47% Space Free | Partition Type: NTFS
Drive Y: | 18.53 Gb Total Space | 16.71 Gb Free Space | 90.14% Space Free | Partition Type: NTFS
Drive Z: | 18.10 Gb Total Space | 14.37 Gb Free Space | 79.35% Space Free | Partition Type: NTFS

Computer Name: ARTS | User Name: Art | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/17 07:18:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/22 12:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 12:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/10/29 16:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/08 13:38:16 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7617\Webshots.scr
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msfeedssync.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/19 01:45:03 | 001,761,280 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051900\algo.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/19 12:42:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 22:11:05 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/11/09 22:10:54 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vididr.sys -- (vididr)
DRV - [2011/11/09 22:10:37 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2011/11/09 22:10:27 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/07/24 21:21:10 | 000,334,248 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT891x1.sys -- (DCamUSBDXGTech) Fashion Cam 01 Dual-Mode DSC (Video Camera)
DRV - [2001/07/05 12:13:14 | 000,018,088 | ---- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GT890X.SYS -- (GT890x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=AVB3DF&pc=AVBR
IE - HKCU\..\SearchScopes\{DDC8D966-465C-2856-0BFE-6F4974176253}: "URL" = http://www.bing.com/...030&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 10:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 14:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/28 16:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Extensions
[2012/05/19 12:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\y71no38n.default\extensions
[2011/11/13 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...260142657588155
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Art\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Splendid = C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

O1 HOSTS File: ([2011/10/09 22:49:17 | 000,000,352 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270494171107 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.200 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92E848-ECFB-4F6D-BD2D-6D9DB5578BF2}: DhcpNameServer = 192.168.2.200 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Art\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 12:42:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/19 12:33:43 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Art\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/17 07:35:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Art\Desktop\aswMBR.exe
[2012/05/08 04:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\HU2011
[2012/05/08 03:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/05/08 03:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\visi_coupon
[2012/05/08 03:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Local Settings\Application Data\WeatherBug
[2012/05/08 03:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2012/05/08 03:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Art\Start Menu\Programs\WeatherBug
[2012/05/08 03:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/05/05 14:31:46 | 000,000,000 | ---D | C] -- C:\Downloads
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 16:11:17 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job
[2012/05/19 15:38:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 12:42:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/19 12:40:39 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/05/19 12:39:38 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/19 12:38:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/19 12:38:25 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 12:38:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/19 12:36:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/19 12:36:50 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 12:35:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 12:33:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Art\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/19 12:31:12 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/19 09:00:17 | 000,000,982 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/19 04:06:46 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/19 02:39:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/17 11:57:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\MBR.dat
[2012/05/17 07:36:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Art\Desktop\aswMBR.exe
[2012/05/17 07:18:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Art\Desktop\OTL.exe
[2012/05/16 12:33:48 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Art\Start Menu\Programs\Startup\Webshots.lnk
[2012/05/13 20:45:27 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/05/11 20:48:05 | 000,005,169 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | M] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/09 04:57:00 | 000,611,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 04:26:29 | 000,506,604 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 04:26:29 | 000,094,866 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 04:21:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 03:46:12 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\Freecell.lnk
[2012/05/08 03:35:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:54:37 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Art\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/05 14:54:37 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/04/19 19:16:40 | 000,017,354 | ---- | M] () -- C:\Documents and Settings\Art\My Documents\3 wheeler pats list.ods
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 11:57:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\MBR.dat
[2012/05/11 20:48:05 | 000,005,169 | ---- | C] () -- C:\Documents and Settings\Art\My Documents\bitpim.csv
[2012/05/10 19:34:42 | 000,005,312 | ---- | C] () -- C:\Documents and Settings\Art\bitpim.csv
[2012/05/10 11:37:05 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\BitPim.lnk
[2012/05/08 03:43:51 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/05/08 03:35:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\WeatherBug.lnk
[2012/05/05 14:32:15 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Art\Desktop\LGMobile Support Tool.lnk
[2012/02/15 19:31:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 15:00:48 | 004,346,880 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/01/07 17:22:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/01/07 17:21:50 | 006,366,094 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2012/01/07 17:21:50 | 001,007,151 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2012/01/07 17:21:50 | 000,354,979 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/01/07 17:21:50 | 000,203,306 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/01/07 17:21:50 | 000,138,727 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/20 13:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/20 13:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/12/20 13:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/12/20 13:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/12/20 13:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/12/20 13:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/12/20 13:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/12/20 13:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/12/20 13:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/12/20 13:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/12/18 18:40:18 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/11/06 17:15:42 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2011/10/07 05:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2011/10/01 23:54:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 12:08:09 | 000,013,379 | ---- | C] () -- C:\Program Files\QUICKENW.QIF
[2011/09/21 21:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/09/04 21:53:07 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/08/27 23:45:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\GkSui16.EXE
[2011/08/21 11:23:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/08/21 11:23:40 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/06 17:47:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2011/03/06 17:39:16 | 000,041,016 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 17:38:36 | 000,634,087 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/02/26 23:49:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GTCODEC.DLL
[2011/02/26 23:49:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\FashionCam01.ini
[2011/02/26 23:49:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\AVIMaker.INI
[2011/02/26 21:51:47 | 000,001,042 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/01/18 22:50:21 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Art\Application Data\burnaware.ini
[2010/12/19 12:36:42 | 000,136,210 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2010/12/19 12:36:08 | 000,010,376 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2010/11/16 18:23:54 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2010/10/12 00:15:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 08:23:59 | 000,000,300 | ---- | C] () -- C:\WINDOWS\sporting.ini
[2010/09/26 11:08:43 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/21 17:08:01 | 000,006,172 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2010/08/29 06:24:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/08/08 12:17:18 | 000,000,571 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2010/08/08 12:17:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2010/06/12 20:44:29 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/09 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/04/07 07:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/09/30 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/16 06:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/09/25 23:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2012/03/30 01:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/08/07 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E222
[2010/04/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/10/02 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/05/11 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/09/05 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/23 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/11/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
[2011/02/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/08 03:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/09/25 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2012/04/06 09:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/10/09 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 19:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/17 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2011/02/16 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/16 06:32:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}
[2011/11/09 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Acronis
[2010/04/18 03:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\AGI
[2010/04/06 03:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Auslogics
[2011/11/10 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Awem
[2012/01/08 08:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\ElevatedDiagnostics
[2011/06/10 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Ewen Chia's My Free Website Builder
[2010/05/01 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Garden Planner
[2011/04/03 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GetRightToGo
[2011/10/23 10:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\GlarySoft
[2011/09/11 11:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\gtk-2.0
[2012/05/08 04:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\HU2011
[2011/09/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Image Zone Express
[2011/11/06 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Intermedia Software
[2011/03/06 10:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\iolo
[2011/09/27 20:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Neopets Toolbar
[2010/10/29 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\OpenOffice.org
[2010/10/10 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Opera
[2011/09/11 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Preclick
[2011/09/11 10:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Printer Info Cache
[2011/05/19 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\SumatraPDF
[2011/08/28 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Tific
[2010/08/11 12:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\VS Revo Group
[2012/05/08 03:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\WeatherBug
[2010/04/07 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Webshots
[2011/04/12 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Desktop Search
[2011/07/28 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Art\Application Data\Windows Search
[2012/05/19 04:06:46 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012/05/19 12:38:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/19 12:38:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
[2012/05/19 16:11:17 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4628B742-69B3-471E-A4C8-1A2448CF0BD5}.job

========== Purity Check ==========



< End of report >
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Art :: ARTS [administrator]

5/19/2012 12:46:46 PM
mbam-log-2012-05-19 (12-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 215854
Time elapsed: 13 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9465644af88c5d4780221f6e14428059
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-20 12:12:35
# local_time=2012-05-19 07:12:35 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78405
# found=6
# cleaned=6
# scan_time=8441
D:\misc install\cnet_disk-defrag-setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\misc install\littlepdf_228.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\misc install\setup_231614.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\misc install\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\misc install\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
D:\temp\hunt\jenkatarcade.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I don't find a new olt log
I finally have my dsl back and am very sorry for the delay my modem went out on me thank you for your patience


  • 0

#9
Crowbar
Posted 24 May 2012 - 05:37 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
No problem about any delay, I am working on your schedule.
I'm having my instructor approve my next post so please give me a little while to get back to you.

Edited by Crowbar, 24 May 2012 - 05:39 AM.

  • 0

#10
Crowbar
Posted 24 May 2012 - 06:58 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi arwier,
Your log file looks much better.
How is your computer running now? Are the power and screensaver settings working now?
Can you go to your power settings and tell me what they are?
Control Panel
Double click Power Options
Tell me what Power Scheme you are using, and what the settings are for that scheme.

Please check your screen saver settings and tell me what they are also.
Control Panel
Double click on Display
Click on the Screen Saver tab
What are the settings here? Does the preview button work?
  • 0

Advertisements

#11
arwier
Posted 24 May 2012 - 10:07 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
the power scheme is home.office desktop settings are turn off monitor after 20 min;turn off hard disks, system standby, and system hybernates are all never
screensaver is webshots those settings are wait 5 min and the rest of the settings are quite numerous to list all transitions as well as show picture titles stretch to fit desktop display time 5 sec effect duration short as well as the collections to use and yes the preview does work and always did they just didn't kick in like they were supposed to maybe I didn't clarify it good enough same with the power it just didn't turn off the monitor like it should have but they are now working as expected
  • 0

#12
Crowbar
Posted 25 May 2012 - 09:10 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi arwier,
If I understand correctly, you are saying that your monitor is now shutting off as you expect it to? And your webshots screen saver is now working properly?
  • 0

#13
arwier
Posted 25 May 2012 - 11:08 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Yes that is correct thank you very much and if you see nothing else wrong in my logs then it seems to be fixed
  • 0

#14
Crowbar
Posted 25 May 2012 - 12:43 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Very glad to hear your issue is fixed, I would like to run MalwareBytes one time, since you already have it installed, so please hang in there with me a little bit longer. It might find some leftovers that the other scanners might not see. if this log is clean, and you are happy, then we can wrap this up.

  • Please launch MalwareBytes
  • Check for updates, or If an update is found, please update the program
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply I would like to see:
  • MalwareBytes log

  • 0

#15
arwier
Posted 25 May 2012 - 04:48 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here is the mbam log you asked for and I will hang in here as long as you wish until you are satisfied we are done


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Art :: ARTS [administrator]

5/25/2012 5:04:49 PM
mbam-log-2012-05-25 (17-04-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 220417
Time elapsed: 17 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP