Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

gdiplus.dll issues but think it is more than this [Solved]

Started by Magnolia2 , Jun 16 2012 04:49 PM

  • This topic is locked This topic is locked

#1
Magnolia2
Posted 16 June 2012 - 04:49 PM

Magnolia2

    Member

  • Member
  • PipPip
  • 33 posts
I have been using Corel PaintShop Pro X2 for over a year. I have recently installed now fonts, and added some plugins on Firefox 12. The browser hangs up on closing and opening as do many programs. Yesterday I upgraded memory from two 1-GB memory cards (came installed) and added two more PNY DDR2 1-GB memory cards.

When I went to open Corel PSP X2, it hung up on "Initializing Command Manger" and the error message was:
AppName: corel paint shop pro photo.exe
AppVer: 12.5.0.0
ModName: gdiplus.dll
ModVer: 5.2.6002.22791
Offset: 0002edde

I have uninstalled the program, and reinstalled it. Deleted 13 corrupted font files. Defrag'd and rebooted. Same error. Downloaded TuneUp and fixed 474 registry errors and some other things. Then I uninstalled TuneUp.

I downloaded the newest version of PSP X4 and it hung up on the "Initializing Command Manger" with this error message:

AppName: corel paintshop pro.exe
AppVer: 14.0.0.114
ModName: gdiplus.dll
ModVer: 5.2.6002.22791
Offset: 0002edde

I attempted to download Combofix several times but I kept getting redirected to previous pages... finally I right clicked, copied link location and put it in the browser address and was finally able to download and run the file. It deleted my Windows\System32\Cache and another folder.

I use AVG Internet Security 2012 antivirus program.

I rebooted and still could not open it. Because my computer is slow, I am guessing there is a virus or malware infection.

Please help because I really need the graphics software to work, it is my job.

Thank you ,

Sherry



OTL logfile created on: 6/16/2012 5:09:36 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Sherry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.36% Memory free
5.08 Gb Paging File | 4.26 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 329.92 Gb Free Space | 70.83% Space Free | Partition Type: NTFS
Drive D: | 288.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 37.26 Gb Total Space | 19.14 Gb Free Space | 51.36% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 21.23 Gb Free Space | 56.97% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 4.28 Gb Free Space | 28.86% Space Free | Partition Type: FAT32
Drive H: | 14.83 Gb Total Space | 0.12 Gb Free Space | 0.82% Space Free | Partition Type: FAT32
Drive J: | 7.39 Gb Total Space | 5.18 Gb Free Space | 70.01% Space Free | Partition Type: FAT32

Computer Name: MOMMA | User Name: Sherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 17:05:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherry\Desktop\OTL.exe
PRC - [2012/06/11 20:22:32 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/11 20:22:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/15 22:09:08 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Sherry\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/18 16:53:48 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 19:03:51 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/11 20:22:33 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/11 20:22:32 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
MOD - [2012/06/11 20:22:30 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/29 17:51:34 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll
MOD - [2012/05/15 22:09:07 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/08/18 16:53:48 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2012/06/11 20:22:32 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/29 17:51:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/15 22:09:07 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sherry\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2010/11/08 16:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 16:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/17 20:06:56 | 000,069,178 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/17 16:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...q={searchTerms}
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-04-16 21:47:21&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:21&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/17 19:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/17 19:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 08:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 09:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\ [2012/06/16 13:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 22:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/17 16:29:10 | 000,000,000 | ---D | M]

[2011/08/19 13:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Extensions
[2012/06/16 13:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions
[2012/03/29 18:59:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/31 07:15:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/06/02 12:10:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/15 03:18:22 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]
[2012/05/17 23:35:25 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]
[2012/05/17 23:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/10 14:28:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/16 13:05:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.7
[2012/05/28 14:32:14 | 000,222,562 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012/06/02 12:10:36 | 000,089,408 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\{B6F3913D-D2E8-480C-9ACA-C41D3D4C1DB3}.XPI
[2012/06/02 12:10:36 | 000,003,714 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\{C2921BAA-9930-4D73-A203-F69DB688F139}.XPI
[2012/05/18 16:38:08 | 000,088,908 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
[2012/06/02 12:10:35 | 000,246,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 12:10:35 | 000,026,302 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2011/10/27 16:30:27 | 000,550,833 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 12:10:36 | 000,015,824 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2011/10/15 23:01:42 | 000,025,950 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/01/03 12:40:13 | 000,330,316 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/08 21:48:21 | 000,356,956 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 01:56:34 | 000,007,838 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 16:23:11 | 000,008,001 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 12:10:36 | 000,014,186 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/06/02 12:10:36 | 000,004,404 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BFNMC7XF.DEFAULT\EXTENSIONS\[email protected]
[2012/04/27 09:39:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/11 08:41:27 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/22 10:36:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/15 15:11:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/05/15 22:09:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 10:36:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/11 20:22:28 | 000,003,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/15 22:09:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/19 13:11:33 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/05/15 22:09:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Toolbars = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 15:58:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Sherry\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Sherry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: netflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B01C9604-49A9-4A31-821C-2FA82ACC00AC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 12:11:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/03 23:33:48 | 000,000,029 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 17:05:57 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sherry\Desktop\OTL.exe
[2012/06/16 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\My Documents\Corel PaintShop Pro
[2012/06/16 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Local Settings\Application Data\Corel PaintShop Pro
[2012/06/16 16:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel PaintShop Pro X4
[2012/06/16 16:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/16 16:12:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/16 15:31:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/16 15:29:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/16 15:29:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/16 15:29:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/16 15:29:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/16 15:28:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/16 15:28:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sherry\My Documents\My Videos
[2012/06/16 15:28:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/16 15:27:36 | 004,559,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Sherry\Desktop\ComboFix.exe
[2012/06/16 13:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel Paint Shop Pro Photo X2
[2012/06/16 13:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/06/16 13:09:24 | 000,000,000 | ---D | C] -- C:\CorelPainterPhotoEssentials4
[2012/06/16 13:09:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/16 13:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Design Manager
[2012/06/16 10:17:28 | 295,206,264 | ---- | C] (Acresso Software Inc.) -- C:\Documents and Settings\Sherry\Desktop\PSPX4_TBYB30EN.exe
[2012/06/14 23:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\TuneUp Software
[2012/06/14 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/06/12 12:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Design Manager
[2012/06/11 08:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/06/08 23:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/08 22:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Oil Can
[2012/06/08 22:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Haymaker
[2012/06/08 22:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Governor
[2012/06/08 22:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Canaveral
[2012/06/08 22:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Bender
[2012/06/08 22:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Airship
[2012/06/07 16:02:43 | 000,000,000 | ---D | C] -- C:\CameraMemoryCardDump_7Jun2012
[2012/06/04 17:44:18 | 000,000,000 | ---D | C] -- C:\GuineaPigs
[2012/05/22 15:04:32 | 000,000,000 | ---D | C] -- C:\LucyTagTutorial
[2012/05/22 12:48:18 | 000,000,000 | ---D | C] -- C:\CorelPSP-X
[2012/05/22 08:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Cartoon Style Letters Vector Set
[2012/05/20 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherry\Application Data\FileZilla
[2012/05/20 16:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/05/20 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/05/20 16:13:01 | 000,000,000 | ---D | C] -- C:\FileZilla
[2012/01/04 00:20:40 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011/08/22 07:43:19 | 406,919,696 | ---- | C] (Acresso Software Inc. ) -- C:\Program Files\CorelPainter12_TBYB_EN.exe
[2011/08/19 02:33:25 | 065,987,368 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\CorelPainterEssentials4TBYBEN.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 17:05:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherry\Desktop\OTL.exe
[2012/06/16 16:43:20 | 100,520,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/16 16:20:25 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/06/16 16:15:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/16 16:14:43 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 16:14:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/16 16:11:49 | 000,003,350 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/06/16 16:11:49 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\FE762073CF.sys
[2012/06/16 15:58:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/16 15:31:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/16 15:27:42 | 004,559,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Sherry\Desktop\ComboFix.exe
[2012/06/16 12:45:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/16 12:45:04 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3240264975-1964901538-269542980-1007UA.job
[2012/06/16 12:45:04 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3240264975-1964901538-269542980-1007Core.job
[2012/06/16 10:24:39 | 295,206,264 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Sherry\Desktop\PSPX4_TBYB30EN.exe
[2012/06/16 10:00:48 | 000,002,075 | ---- | M] () -- C:\Documents and Settings\Sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2012/06/16 10:00:48 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2012/06/16 08:09:16 | 001,222,084 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\Me_Shannon_Keith1967Bmt.png
[2012/06/15 20:42:51 | 000,155,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/06/15 08:38:40 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Google Chrome.lnk
[2012/06/15 08:38:40 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/15 01:02:08 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Corel Painter 8.lnk
[2012/06/14 20:54:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/06/14 20:51:07 | 002,151,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 23:05:09 | 000,546,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 23:05:09 | 000,097,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 21:05:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 12:09:44 | 000,004,601 | ---- | M] () -- C:\WINDOWS\xnview.ini
[2012/06/12 12:06:11 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Dover.lnk
[2012/06/12 12:06:11 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Design Manager.lnk
[2012/06/11 08:41:28 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/06/10 14:28:13 | 000,034,764 | ---- | M] () -- C:\Documents and Settings\Sherry\Local Settings\Application Data\dt.dat
[2012/06/08 23:37:58 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/08 23:37:35 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Dropbox.lnk
[2012/06/04 11:55:27 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Sherry\Desktop\Microsoft Office Word 2007.lnk
[2012/06/01 20:17:40 | 000,251,860 | ---- | M] () -- C:\GoogleBlockingRonPaulSite.jpg
[2012/05/28 12:43:02 | 000,625,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/27 09:16:56 | 000,267,264 | ---- | M] () -- C:\Documents and Settings\Sherry\My Documents\AddressLabels-Mom.pub
[2012/05/20 16:14:52 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 16:20:25 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel PaintShop Pro X4.lnk
[2012/06/16 16:11:49 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\FE762073CF.sys
[2012/06/16 15:31:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/16 15:31:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/16 15:29:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/16 15:29:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/16 15:29:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/16 15:29:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/16 15:29:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/16 10:00:48 | 000,002,075 | ---- | C] () -- C:\Documents and Settings\Sherry\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2012/06/16 10:00:48 | 000,002,057 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2012/06/16 08:09:16 | 001,222,084 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\Me_Shannon_Keith1967Bmt.png
[2012/06/14 20:54:49 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/14 20:54:49 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/14 20:54:49 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/06/12 12:09:43 | 000,004,601 | ---- | C] () -- C:\WINDOWS\xnview.ini
[2012/06/12 12:06:11 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\Dover.lnk
[2012/06/12 12:06:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Sherry\Start Menu\Programs\Design Manager.lnk
[2012/06/12 12:06:11 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Sherry\Desktop\Design Manager.lnk
[2012/06/10 14:28:13 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\Sherry\Local Settings\Application Data\dt.dat
[2012/06/01 20:17:40 | 000,251,860 | ---- | C] () -- C:\GoogleBlockingRonPaulSite.jpg
[2012/05/31 21:40:19 | 000,002,622 | ---- | C] () -- C:\WINDOWS\Fonts\1ST_READ.COM
[2012/05/27 09:16:56 | 000,267,264 | ---- | C] () -- C:\Documents and Settings\Sherry\My Documents\AddressLabels-Mom.pub
[2012/05/20 16:14:52 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/02/15 01:58:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/29 09:26:43 | 000,161,907 | ---- | C] () -- C:\WINDOWS\DP Animation Maker Uninstaller.exe
[2011/09/23 22:19:48 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/09/10 08:32:41 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2011/08/24 03:54:07 | 000,542,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3240264975-1964901538-269542980-1007-0.dat
[2011/08/24 03:54:06 | 000,271,334 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/23 01:53:18 | 000,160,595 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
[2011/08/22 06:11:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2011/08/21 23:06:22 | 000,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
[2011/08/19 03:06:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/19 02:42:56 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/08/16 20:25:21 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/08/16 20:25:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/08/16 20:25:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/08/16 20:25:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/08/16 20:25:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/08/16 20:25:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/08/16 20:25:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/08/16 20:25:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/08/16 20:25:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/08/16 20:25:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/08/16 20:25:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/08/16 20:25:21 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/08/16 20:25:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/08/16 20:25:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/08/16 20:25:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/08/16 20:25:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/08/16 20:24:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/08/16 18:43:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Sherry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 07:46:02 | 014,454,784 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll

========== LOP Check ==========

[2011/08/23 00:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alien Skin
[2012/06/11 20:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/16 22:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/08/19 13:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/19 03:17:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/16 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/06/16 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/17 22:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2012/06/14 23:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/06/16 13:09:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/30 04:50:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2011/11/28 21:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B}
[2011/10/24 22:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\Alien Skin
[2011/08/21 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\AMPSoft
[2012/04/16 21:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\AVG Secure Search
[2012/04/16 21:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\AVG2012
[2012/06/16 16:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\Dropbox
[2011/12/26 15:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\FamilyTreeMaker
[2012/06/08 14:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\FileZilla
[2011/09/05 22:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\FontCreator
[2011/08/22 05:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\Foxit Software
[2011/12/19 00:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\ImgBurn
[2011/11/03 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\inkscape
[2011/08/22 11:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\Jasc
[2011/12/14 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\ooVoo Details
[2011/10/11 02:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\Software Informer
[2011/12/04 01:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\TSRWorkshop
[2012/06/14 23:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\TuneUp Software
[2011/11/19 23:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherry\Application Data\uTorrent

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Render
Posted 24 June 2012 - 09:09 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please remove those two newly installed memory modules and see if you can run program in question.

NEXT...

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
Magnolia2
Posted 24 June 2012 - 09:19 AM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you! I have not resolved the issue. I downloaded and extracted a gdiplus.dll to the Windows\System32 folder. I rebooted, went to Run and typed in "regsvr32 gdiplus.dll". I got a pop up message stating the gdiplus.dll was loaded but the DllRegisterServer did not register it because the entry point was not found. This was a few days ago.

Let me remove the 2 memory modules and see... and then proceed as you suggested if that doesn't solve the problem.
  • 0

#4
Render
Posted 24 June 2012 - 09:20 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes please.
  • 0

#5
Magnolia2
Posted 24 June 2012 - 10:27 AM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Removing the additional memory cards had no effect. Still getting the error on the PSP

AppName: corel paint shop pro photo.exe
AppVer: 12.5.0.0
ModName: gdiplus.dll
ModVer: 5.2.6002.22791
Offset: 0002edde

Should I reinstall the memory cards before running aswMBR.exe ?

Edited by Magnolia2, 24 June 2012 - 10:28 AM.

  • 0

#6
Render
Posted 24 June 2012 - 10:46 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Yes, you can install memory modules back in.

Googling... it seems this is a common problem. Is most likely caused by a corrupt font(s). If you added fonts or software containing fonts shortly before the issue started, the first place to start is to delete those fonts or the fonts added by the software and see if the error goes away.

Please try to do this above first and if problem will not be resolved then proceed with this:

From the Start menu open your Computer
You should see something like this:

Posted Image

Right click your system partition (usually C) and select Properties

Posted Image

Select Tools tab and then Check now...
The second window will popup
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement
  • 0

#7
Magnolia2
Posted 24 June 2012 - 02:01 PM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
If you had read my initial posting, you will see that I deleted 13 corrupt font files.... I have researched the issue thoroughly before coming here.

The problem is that the DllRegisterServer can not register the gdiplus.dll because the entry point is missing.

Sorry to bother you.

We are finished here.
  • 0

#8
Render
Posted 24 June 2012 - 04:51 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
As you wish. :)

I recommend you to proceed with disk check and sfc scan.
  • 0

#9
Magnolia2
Posted 24 June 2012 - 06:53 PM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I did and it produced nothing.....
  • 0

#10
Render
Posted 25 June 2012 - 04:43 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
That's good. Please proceed with aswMBR scan now.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

Advertisements

#11
Magnolia2
Posted 25 June 2012 - 02:34 PM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 15:07:03
-----------------------------
15:07:03.343 OS Version: Windows 5.1.2600 Service Pack 3
15:07:03.343 Number of processors: 2 586 0x403
15:07:03.343 ComputerName: MOMMA UserName:
15:07:06.000 Initialize success
15:08:47.593 AVAST engine defs: 12062500
15:08:54.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
15:08:54.421 Disk 0 Vendor: ST3750640NS 3.AEH Size: 715404MB BusType: 3
15:08:54.437 Disk 0 MBR read successfully
15:08:54.437 Disk 0 MBR scan
15:08:54.468 Disk 0 unknown MBR code
15:08:54.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
15:08:54.468 Disk 0 scanning sectors +976768065
15:08:54.546 Disk 0 scanning C:\WINDOWS\system32\drivers
15:08:59.781 Service scanning
15:09:12.109 Modules scanning
15:09:14.640 Disk 0 trace - called modules:
15:09:14.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:09:14.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae9cab8]
15:09:14.656 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8aef2f18]
15:09:14.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8aeecd98]
15:09:15.671 AVAST engine scan C:\WINDOWS
15:09:24.093 AVAST engine scan C:\WINDOWS\system32
15:11:35.656 AVAST engine scan C:\WINDOWS\system32\drivers
15:11:56.312 AVAST engine scan C:\Documents and Settings\Sherry
15:23:47.312 AVAST engine scan C:\Documents and Settings\All Users
15:27:16.875 Scan finished successfully
15:31:47.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherry\Desktop\MBR.dat"
15:31:47.453 The log file has been saved successfully to "C:\Documents and Settings\Sherry\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   631bytes   129 downloads

  • 0

#12
Render
Posted 25 June 2012 - 02:45 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

aswMBR log looks good.

Please post Combofix's log. Usually you can find it here: C:\ComboFix.txt

NEXT...

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#13
Magnolia2
Posted 25 June 2012 - 03:30 PM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
ComboFix 12-06-25.03 - Sherry 06/25/2012 15:57:26.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2744 [GMT -5:00]
Running from: c:\documents and settings\Sherry\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\FE762073CF.sys
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\background.html
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\browser.xul
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\crossrider.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\dialog.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\lib\faye-browser-min.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\manage-apps-style.css
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\manage-apps.html
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\messaging.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\options.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\options.xul
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\push.html
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\chrome\content\update.html
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\install.rdf
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\button1.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\button2.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\button3.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\button4.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\button5.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\icon128.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\icon16.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\icon24.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\icon48.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\panelarrow-up.png
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\popup.css
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\popup.html
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\popup_binding.xml
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\skin.css
c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\extensions\[email protected]\skin\update.css
c:\documents and settings\Sherry\Local Settings\Application Data\I Want This
c:\documents and settings\Sherry\Local Settings\Application Data\I Want This\Chrome\I Want This.crx
c:\program files\I Want This
c:\program files\I Want This\I Want This.dll
c:\program files\I Want This\I Want This.exe
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisGui.exe
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\I Want This\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-24 15:48 . 2012-06-24 15:48 -------- d-----w- c:\program files\Common Files\Protexis
2012-06-20 06:06 . 2012-06-20 06:20 -------- d-----w- c:\documents and settings\Sherry\Application Data\gtk-2.0
2012-06-20 06:05 . 2012-06-20 06:05 -------- d-----w- c:\documents and settings\Sherry\.thumbnails
2012-06-20 06:01 . 2012-06-23 03:25 -------- d-----w- c:\documents and settings\Sherry\.gimp-2.4
2012-06-20 05:59 . 2012-06-20 06:00 -------- d-----w- c:\program files\GIMP-2.0
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-18 22:40 . 2012-06-18 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 22:40 . 2012-06-18 22:40 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-17 22:21 . 2012-06-21 11:30 56 --sh--r- c:\windows\system32\CF732076FE.sys
2012-06-17 22:15 . 2012-06-17 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-06-17 22:14 . 2012-06-21 11:30 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-06-17 22:12 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-06-17 22:12 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-06-17 22:12 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-06-17 22:12 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-06-17 22:12 . 2012-06-17 22:12 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-06-17 22:12 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-06-17 22:12 . 2012-06-17 22:12 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-06-17 22:08 . 2012-06-17 22:11 -------- d-----w- c:\documents and settings\Sherry\Application Data\Download Manager
2012-06-17 19:57 . 2012-06-17 19:57 -------- d-----w- c:\windows\system32\wbem\mof\good
2012-06-17 19:57 . 2012-06-17 19:57 -------- d-----w- c:\windows\system32\wbem\mof\bad
2012-06-17 19:46 . 2004-05-04 16:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-16 18:09 . 2012-06-16 18:09 -------- d-----w- C:\CorelPainterPhotoEssentials4
2012-06-16 18:09 . 2012-06-16 18:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-15 04:07 . 2012-06-15 04:07 -------- d-----w- c:\documents and settings\Sherry\Application Data\TuneUp Software
2012-06-15 04:06 . 2012-06-15 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2012-06-14 00:05 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 17:06 . 2012-06-16 18:05 -------- d-----w- c:\program files\Design Manager
2012-06-09 04:37 . 2012-06-09 04:37 -------- d-----w- c:\program files\Dropbox
2012-06-07 21:02 . 2012-06-16 18:05 -------- d-----w- C:\CameraMemoryCardDump_7Jun2012
2012-06-04 22:44 . 2012-06-08 15:42 -------- d-----w- C:\GuineaPigs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 13:11 . 2011-08-19 07:42 3350 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-06-18 22:40 . 2011-09-12 16:11 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 00:03 . 2012-04-08 21:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 00:03 . 2011-08-19 21:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-03-11 17:09 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-03-11 17:09 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-03-11 17:09 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2009-03-11 17:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-03-11 17:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-08-21 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-03-11 17:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-03-11 17:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-09-07 23:45 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2011-09-07 23:45 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2011-09-07 23:45 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-08-21 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-08-21 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-08-21 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-08-21 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-08-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-08-21 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-08-21 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-03-11 17:07 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:40 . 2012-06-09 03:10 120 ----a-w- c:\windows\Fonts\SimplytheBest Fonts.url
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 04:19 . 2012-06-09 03:10 373 ----a-w- c:\windows\Fonts\ReadmeVicF.txt
2012-04-06 17:36 . 2012-06-09 03:10 821 ----a-w- c:\windows\Fonts\ReadmePJL.txt
2012-01-04 05:20 . 2012-01-04 05:20 6950552 ----a-w- c:\program files\Silverlight.exe
2011-08-22 12:54 . 2011-08-22 12:43 406919696 ----a-w- c:\program files\CorelPainter12_TBYB_EN.exe
2011-08-19 07:35 . 2011-08-19 07:33 65987368 ----a-w- c:\program files\CorelPainterEssentials4TBYBEN.exe
2012-05-16 03:09 . 2011-08-19 18:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-17_20.52.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-16 14:59 . 2012-06-16 14:59 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2012-06-24 15:48 . 2012-06-24 15:48 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2012-06-25 18:10 . 2012-06-25 18:10 16384 c:\windows\Temp\Perflib_Perfdata_50c.dat
+ 2012-06-25 18:10 . 2012-06-25 18:10 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
+ 2012-06-22 04:22 . 2012-06-02 20:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-22 04:22 . 2012-06-02 20:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2009-03-11 17:09 . 2012-06-02 20:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2009-03-11 17:09 . 2012-06-02 20:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-08-21 12:00 . 2012-06-02 20:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-04-27 15:59 . 2012-06-24 20:19 65536 c:\windows\Installer\{F0100437-007E-405A-8CD6-E1E38E68CE76}\ARPPRODUCTICON.exe
- 2012-04-27 15:59 . 2012-04-27 15:59 65536 c:\windows\Installer\{F0100437-007E-405A-8CD6-E1E38E68CE76}\ARPPRODUCTICON.exe
- 2012-06-16 15:00 . 2012-06-16 15:00 22486 c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
+ 2012-06-24 15:50 . 2012-06-24 15:50 22486 c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
+ 2002-07-25 23:13 . 2002-07-25 23:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll
+ 2012-06-18 22:40 . 2012-06-18 22:40 157448 c:\windows\system32\javaws.exe
+ 2012-06-18 22:40 . 2012-06-18 22:40 149256 c:\windows\system32\javaw.exe
+ 2012-06-18 22:40 . 2012-06-18 22:40 149256 c:\windows\system32\java.exe
+ 2009-03-11 17:09 . 2012-06-02 20:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-11 17:09 . 2012-06-02 20:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-11 17:09 . 2012-06-02 20:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2012-06-18 22:40 . 2012-06-18 22:40 900096 c:\windows\Installer\189a325.msi
+ 2012-06-24 15:50 . 2012-06-24 15:50 394534 c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe
+ 2005-06-10 15:44 . 2005-06-10 15:44 417792 c:\windows\Downloaded Program Files\isusweb.dll
+ 2002-07-25 23:13 . 2002-07-25 23:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe
+ 2012-06-24 15:48 . 2012-06-24 15:48 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
- 2012-06-16 14:59 . 2012-06-16 14:59 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-03-11 08:11 . 2012-06-25 13:37 2129536 c:\windows\system32\FNTCACHE.DAT
+ 2009-03-11 17:09 . 2012-06-02 20:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2012-06-18 17:42 . 2012-06-18 17:42 2208768 c:\windows\Installer\79bc66.msi
+ 2012-06-24 20:12 . 2012-06-24 20:12 1259008 c:\windows\Installer\21e9a.msi
+ 2012-06-24 15:50 . 2012-06-24 15:50 112241664 c:\windows\Installer\3f12b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 01:22 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Sherry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Sherry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Sherry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Sherry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Sherry\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
.
c:\documents and settings\Sherry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Sherry\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-16 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-21 98304]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Sherry\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Sherry\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 5:25 AM 301248]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/21/2008 7:00 AM 14336]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [3/23/2012 5:57 AM 2321520]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [6/11/2012 8:22 PM 935480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2012 10:43 AM 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2012 10:43 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/15/2012 10:09 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 15:43]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 15:43]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240264975-1964901538-269542980-1007Core.job
- c:\documents and settings\Sherry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 23:32]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240264975-1964901538-269542980-1007UA.job
- c:\documents and settings\Sherry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: netflix.com
Trusted Zone: netflix.com \www
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Sherry\Application Data\Mozilla\Firefox\Profiles\bfnmc7xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B084689e8-756d-4fd2-9ecf-e4d1e833916a%7D&mid=&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-04-16%2021%3A47%3A21&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110011221158} - c:\program files\I Want This\I Want This.dll
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-25 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
Completion time: 2012-06-25 16:10:12
ComboFix-quarantined-files.txt 2012-06-25 21:10
ComboFix2.txt 2012-06-17 20:58
ComboFix3.txt 2012-06-16 21:05
.
Pre-Run: 351,130,648,576 bytes free
Post-Run: 351,300,202,496 bytes free
.
- - End Of File - - EDE4F8DA96ABAA8EAD1D6C2B90172DB8
  • 0

#14
Magnolia2
Posted 25 June 2012 - 03:37 PM

Magnolia2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000002fd

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA338000 avgrkx86.sys
0xBA4BC000 avgidshx.sys
0xB9372000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB935E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9336000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9307000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB92E3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA298000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB92CF000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB92AC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA580000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xBA682000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA588000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9295000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9284000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA108000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA400000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9254000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA118000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9237000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xB921F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB91C1000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA138000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xA8C26000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8C02000 \SystemRoot\system32\drivers\portcls.sys
0xBA158000 \SystemRoot\system32\drivers\drmk.sys
0xBA178000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xBA5E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA762000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA420000 \SystemRoot\System32\drivers\vga.sys
0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA430000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA56C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8ADF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8A86000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8A3E000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA8A18000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA90F9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA198000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA89F0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA90F1000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA89CE000 \SystemRoot\System32\drivers\afd.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA89A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA890B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA777000 \SystemRoot\System32\Drivers\BANTExt.sys
0xA88D3000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA450000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA8B5E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA8B56000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA458000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA460000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA228000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8887000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA886F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA65E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8997000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA348000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA752000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xBF459000 \SystemRoot\System32\ATMFD.DLL
0xA8753000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA84EA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8527000 \SystemRoot\system32\drivers\sysaudio.sys
0xA85C7000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xA80AA000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0xA7C4E000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xA74B2000 \SystemRoot\System32\Drivers\HTTP.sys
0xA81BA000 \??\C:\DOCUME~1\Sherry\LOCALS~1\Temp\aswMBR.sys
0xBA5BE000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA7D6E000 \??\C:\DOCUME~1\Sherry\LOCALS~1\Temp\catchme.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
880 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1000 C:\WINDOWS\system32\winlogon.exe
1044 C:\WINDOWS\system32\services.exe
1056 C:\WINDOWS\system32\lsass.exe
1248 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1456 C:\WINDOWS\system32\svchost.exe
1616 svchost.exe
1704 svchost.exe
1880 C:\WINDOWS\system32\spoolsv.exe
460 C:\WINDOWS\system32\svchost.exe
480 C:\Program Files\AVG\AVG2012\avgfws.exe
612 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
1292 C:\Program Files\Java\jre6\bin\jqs.exe
1436 C:\Program Files\Common Files\Motive\McciCMService.exe
128 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
420 C:\WINDOWS\system32\svchost.exe
604 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
2244 C:\WINDOWS\RTHDCPL.exe
2284 C:\WINDOWS\system32\igfxtray.exe
2336 C:\WINDOWS\system32\hkcmd.exe
2368 C:\WINDOWS\system32\igfxpers.exe
2376 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2388 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2412 C:\Program Files\AVG\AVG2012\avgtray.exe
2444 C:\WINDOWS\system32\igfxsrvc.exe
2452 C:\Program Files\AVG Secure Search\vprot.exe
2460 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2468 C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2500 C:\WINDOWS\system32\ctfmon.exe
2776 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2824 alg.exe
2440 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
3680 C:\WINDOWS\system32\notepad.exe
3620 C:\WINDOWS\explorer.exe
3728 C:\Program Files\AVG\AVG2012\avgidsagent.exe
3568 C:\Program Files\AVG\AVG2012\avgemcx.exe
168 C:\Program Files\AVG\AVG2012\avgnsx.exe
852 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
3252 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
748 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
3460 C:\Documents and Settings\Sherry\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000009`50a60000 (NTFS)

PhysicalDrive0 Model Number: ST3750640NS, Rev: 3.AEH
PhysicalDrive1 Model Number: WD800BB External, Rev: 0602

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
74 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#15
Render
Posted 25 June 2012 - 03:41 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Logs looks good.

If you have Windows XP setup CD I would suggest system repair as described bellow:

We will do system repair. Don't worry system repair won't delete your data, installed programs, personal information, or settings. It just repairs the operating system!
Please, have your Windows XP CD-KEY ready.

  • Boot from your Windows XP CD. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
  • When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

    NOTE: If computer does not boot from CD you must change device boot order in BIOS. Read here for more information.

  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • When completed loading files, you will be presented with the following "Windows Setup" screen, and your first option. Select "To set up Windows XP now, press ENTER". DO NOT select Recovery Console.

    Posted Image

  • When presented with the screen below. press the F8 key to continue.

    Posted Image

  • Next, Windows Setup will find existing Windows XP installations. You will be asked to repair an existing XP installation, or install a fresh copy of Windows XP.
  • Press the R key.

    Posted Image

  • Windows XP will appear to be installing itself for the first time, but it will retain all of your data and settings.
  • Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.
  • Let me know if the problem has been solved.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP