HELP .. "trojan horse patched_c.LZI" problem [Solved]


  • This topic is locked

#16
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Once I have done the fix and the log has saved onto flash, do I boot from the flash drive OR do I go back into setup and change boot order to "hard drive" and restart from there?
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reset the boot order or just remove the flash drive on reboot
  • 0

#18
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Seems like my laptop has gone AWOL (without Van Damme's bad acting).

I tried to boot as before but again I kept getting the black screen and white cursor. I tried a couple more times, then I noticed it kept saying "resuming windows" and I thought that's strange as I hadn't told the laptop to hibernate etc.

So I powered down the laptop and took the battery out.

I then went to boot as normal, only this time I get "launch startup repair" or "boot windows normally".

I tried "boot normally" and it took me to chkdsk, which I cancelled. It then went to load but to the hellish blue screen, and from what I make out something about the system32 file not being there?

Over to you ....
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First launch startup repair and then if the blue screen returns let me know what file it is referencing
  • 0

#20
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hallelujah, I can see my desktop again! After a couple of startup repairs it's loaded as normal.

Unfortunately another AVG "trojan horse patched_c.LZI" warning came up.

What now, boss?
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we now tread more gently I feel... But the one consolation is that the recovery console is now installed on your system

OK, we will start again with a fresh OTL scan. Ensure all users is selected please. Also, does AVG give a file name and location?
  • 0

#22
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
AVG says the file is named "C:\Windows\System32\services.exe", however when I click on details it says
process name: "C:\Windows\System32\svchost.exe"
process ID: 1120

Then another AVG warning with the same file name "C:\Windows\System32\services.exe" but a different process name:
process name: "C:\Users\Materelli\Desktop\OTL.exe"
process ID: 2884

I ran the OTL, however no "extras.txt" was produced, only the "otl.txt":

OTL logfile created on: 03/08/2012 22:12:03 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Materelli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.23% Memory free
13.67 Gb Paging File | 11.80 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): c:\pagefile.sys 10000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 103.11 Gb Free Space | 36.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.94 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATERELLI-PC | User Name: Materelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/14 17:25:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/02/23 20:29:43 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/10 13:31:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/07/23 11:15:59 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 19:36:44 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 19:36:27 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 19:36:26 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/19 19:36:26 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 19:36:26 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/20 19:32:12 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/24 18:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 17:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/02 21:05:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 19:43:31 | 000,241,664 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/01 00:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/02/03 13:36:49 | 000,464,464 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2011/02/03 13:36:49 | 000,229,664 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 18:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/11/25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 16:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/09/15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...omplete=1&hl=en
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{6F198424-0A4A-453B-A959-ECC9D076E4C1}: "URL" = http://search.avg.co...}&ychte=uk&nt=1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 71.68.37.101:80


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/07 04:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/19 20:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/04 06:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/04 06:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:50:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/03 16:52:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4092ADC-5C83-48E9-8CEA-1F4B0BF537BC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 06:44:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/08/03 19:17:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/03 19:04:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/03 17:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 16:11:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/03 13:35:41 | 004,724,629 | ---- | C] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:11:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:12:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
[2012/08/03 00:11:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
[2012/08/02 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
[2012/08/02 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
[2012/08/01 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
[2012/08/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
[2012/08/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
[2012/08/01 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
[2012/07/31 15:21:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
[2012/07/31 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
[2012/07/31 01:43:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
[2012/07/31 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
[2012/07/30 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Materelli\Desktop\removable disk
[2012/07/30 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
[2012/07/30 13:42:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
[2012/07/30 01:42:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
[2012/07/30 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
[2012/07/29 13:41:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
[2012/07/29 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
[2012/07/29 00:22:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
[2012/07/28 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
[2012/07/28 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
[2012/07/28 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
[2012/07/27 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
[2012/07/27 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
[2012/07/26 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
[2012/07/26 12:50:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
[2012/07/25 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
[2012/07/25 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
[2012/07/25 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2012/07/25 23:06:32 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Users\Materelli\Desktop\SharePod.exe
[2012/07/25 11:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
[2012/07/25 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
[2012/07/24 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
[2012/07/24 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
[2012/07/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
[2012/07/24 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
[2012/07/23 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
[2012/07/23 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
[2012/07/23 02:19:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
[2012/07/23 02:18:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
[2012/07/22 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
[2012/07/22 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
[2012/07/22 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
[2012/07/22 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
[2012/07/21 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
[2012/07/21 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
[2012/07/21 00:33:07 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
[2012/07/21 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
[2012/07/20 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
[2012/07/20 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
[2012/07/19 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/19 20:01:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
[2012/07/19 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
[2012/07/13 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
[2012/07/13 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
[2012/07/12 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
[2012/07/12 12:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
[2012/07/12 11:36:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
[2012/07/12 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
[2012/07/11 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/11 13:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/11 12:28:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
[2012/07/11 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
[2012/07/11 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
[2012/07/11 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
[2012/07/10 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
[2012/07/10 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
[2012/07/09 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
[2012/07/09 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
[2012/07/08 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
[2012/07/08 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
[2012/07/08 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
[2012/07/08 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
[2012/07/07 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
[2012/07/07 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
[2012/07/07 00:26:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
[2012/07/07 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
[2012/07/06 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
[2012/07/06 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
[2012/07/06 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
[2012/07/06 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
[2012/07/05 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4017C4C3-B0A4-43FA-BC73-5C417189AA77}
[2012/07/05 12:21:16 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{03F6015F-AC98-4FCC-856A-EDAF23400495}
[2012/07/05 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0830330E-EA08-4399-9CE7-A417FBC3EFEA}
[2012/07/05 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{FE885F4A-F319-4E43-B4C7-DC85320A39B2}
[2012/01/19 15:31:55 | 019,663,768 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Materelli\FreeVideoToiPodConverter.exe
[2009/07/23 11:35:08 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Materelli\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/08/03 22:04:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 22:04:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 22:04:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 21:59:53 | 102,883,599 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/03 21:54:06 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 21:54:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 21:53:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 21:53:46 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 16:52:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/03 15:26:47 | 000,000,512 | ---- | M] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 13:35:53 | 004,724,629 | ---- | M] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:35:35 | 000,756,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 13:35:35 | 000,645,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 13:35:35 | 000,123,804 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 13:19:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:10:29 | 001,149,038 | ---- | M] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 19:10:04 | 000,007,397 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/30 11:49:02 | 000,227,165 | ---- | M] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/28 22:40:20 | 000,000,680 | ---- | M] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat
[2012/07/25 23:05:28 | 002,141,310 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/20 17:47:31 | 000,389,488 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/19 20:08:43 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/12 16:30:09 | 000,305,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:45:00 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/07/07 18:39:23 | 023,784,819 | ---- | M] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | M] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | M] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf

========== Files Created - No Company Name ==========

[2012/08/03 14:10:50 | 000,000,512 | ---- | C] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 00:10:28 | 001,149,038 | ---- | C] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 11:49:01 | 000,227,165 | ---- | C] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/25 23:07:26 | 000,007,397 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/25 23:05:20 | 002,141,310 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/11 13:45:00 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/07 18:39:15 | 023,784,819 | ---- | C] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | C] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | C] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[2012/06/12 11:37:25 | 000,743,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/04 22:52:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/04 22:52:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/20 11:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Materelli\AppData\Local\{2322992F-1B59-4BE1-AD80-56752BFB78D8}
[2011/05/20 17:42:55 | 000,002,295 | ---- | C] () -- C:\Users\Materelli\.com.zerog.registry.xml
[2011/02/06 17:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/27 00:07:21 | 000,000,126 | ---- | C] () -- C:\Users\Materelli\AppData\Roaming\wklnhst.dat
[2009/07/31 21:29:24 | 000,017,920 | ---- | C] () -- C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 12:08:55 | 000,000,680 | ---- | C] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/24 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Ad-Aware Antivirus
[2011/10/14 12:41:06 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\AVG2012
[2012/07/09 23:56:01 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\BitTorrent
[2012/06/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoft
[2011/05/15 02:52:59 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/24 04:11:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\GetRightToGo
[2010/12/10 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\PCDr
[2012/04/18 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\ppstream
[2012/07/25 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2011/12/07 03:36:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Sports Interactive
[2009/09/19 15:28:25 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\StreamTorrent
[2011/05/04 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Temp
[2009/11/27 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Template
[2009/09/07 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\VistaCodecs
[2011/09/09 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Windows Live Writer
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/03 12:34:21 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/25 04:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/04/25 04:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/25 04:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/25 04:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/25 04:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/04/25 04:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/25 04:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/25 04:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Program Files (x86)\D-Fend Reloaded\NewUserData\FREEDOS\SERVICES
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Users\Materelli\D-Fend Reloaded\VirtualHD\FREEDOS\SERVICES

< MD5 for: SERVICES.CFG >
[2012/04/04 06:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.LNK >
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
  • 0

#23
materelli

materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Another AVG threat, same file name, different process ...

process name: "C:\Windows\System32\RacAgent.exe"
process ID: 4212
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This time I feel we should replace the file outside of Windows and then use ComboFix.

Download the attached fixlist.txt to the same USB drive as FRST

Right click this link and select "save target as.." https://dl.dropbox.c...776/fixlist.txt
Restart the computer as before to the recovery console
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

Once there then please run ComboFix and post the log along with the FRST fix log
  • 0

#25
materelli

materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I ran the FRST log, it saved to the USB, went to reboot.

It then asks if I want safe mode or Windows normally, I select Windows normally and now I just get the black screen white cursor (feels like Groundhog Day).

What next, capitano?
  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, run Windows repair again to see if it will replace the services.exe

I will now search all the prior logs to see if there is a hidden driver that will allow me to replace the file safely, although I am not optimistic on that front as I saw nothing on the first run...

We may have to use Dr.Web from the USB
  • 0

#27
materelli

materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I tried to repair and it says "startup repair cannot repair this computer automatically"

problem details -

problem event name - startuprepairV2
problem signature 01 - externalmedia
problem signature 02 - 6.0.6001.18000.6.0.6001.18000
problem signature 03 - 0
problem signature 04 - 65537
problem signature 05 - unknown
problem signature 06 - noharddrive
problem signature 07 - 0
problem signature 08 - 0
problem signature 09 - unknown
problem signature 10 - 1168
OS version - 6.0.6001.2.1.0.256.1
Locale ID - 1033

I then "restarted"; after seeing Dell etc .. it starts to load Windows but then goes to the black screen white cursor.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to get to safe mode?


Right click the attached link and select Save Target as then copy to the same USB drive as FRST
https://dl.dropbox.c...776/fixlist.txt
Restart the computer as before to the recovery console
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

Once there then please run OTL and post the logs along with the FRST fix log
  • 0

#29
materelli

materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
So you want me to go into safe mode and then run the FRST, or run the FRST then go into safe mode?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try safe mode first please. Then if that fails go to FRST
  • 0





