searchsafer



#1
peejaygee

  • Member
  • 39 posts
Hi. For some time now my home page has been set to chatzum/searchsafer. It hasn't seemed to affect my machine's performance much until the last few days, when it has become significantly slower. I have run various anti-virus programs such as AVG, but they all just seem to close down about halfway through. I have reinstalled Firefox and got rid of searchsafer as my home page, but if anything it has gotten a lot slower. Also, I keep getting these messages which say "an error has occured" and system not responding. Any help would be greatly appreciated.

OTL logfile created on: 09/08/2012 15:01:44 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = c:\Users\paul 2\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.61% Memory free
4.10 Gb Paging File | 3.13 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.54 Gb Total Space | 213.06 Gb Free Space | 74.10% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: paul 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 14:46:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- c:\Users\paul 2\Downloads\OTL(1).exe
PRC - [2012/08/08 22:03:50 | 001,118,304 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/08/08 18:20:21 | 000,927,840 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe
PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/02/28 15:44:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/08 22:03:50 | 001,118,304 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/08/08 18:20:22 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
MOD - [2012/02/22 20:29:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012/02/22 20:27:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2012/02/22 20:27:36 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2012/02/22 20:27:35 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2012/02/22 20:27:35 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/22 20:27:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012/02/22 20:25:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012/02/22 20:25:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012/02/22 20:25:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012/02/22 20:25:13 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2012/02/22 20:25:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2012/02/22 20:24:59 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2012/02/22 20:24:40 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2012/02/22 20:24:25 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2012/02/22 20:24:21 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012/02/22 20:24:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/07/27 19:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/21 03:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/11/02 10:46:09 | 000,167,936 | ---- | M] () -- C:\Windows\System32\msjint40.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/08 18:20:21 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 21:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ax0bw0fi)
DRV - [2012/08/08 18:20:24 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 01:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/10/24 23:43:24 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKLM\..\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-08-08 22:03:52&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:52&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/08 18:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.10\ [2012/08/08 22:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/09 12:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 00:19:55 | 000,000,000 | ---D | M]

[2012/05/19 13:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Extensions
[2012/08/09 09:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\extensions
[2012/08/08 13:34:34 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/08 13:35:11 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/08/08 14:07:55 | 000,002,306 | ---- | M] () -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\searchplugins\askcomsearch.xml
[2012/05/30 08:45:36 | 000,000,925 | ---- | M] () -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\searchplugins\conduit.xml
[2012/07/12 23:33:47 | 000,000,641 | ---- | M] () -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\searchplugins\search-web.xml
[2012/08/09 12:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/08 14:05:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/08 18:16:00 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/08/08 22:04:02 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.10
[2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/08 22:03:47 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC9AC7EB-763C-4D0E-888A-79FB8EA56FAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 12:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/09 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\uTorrent
[2012/08/08 22:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/08 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\AVG2012
[2012/08/08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/08 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Local\AVG Secure Search
[2012/08/08 18:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/08 18:20:24 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/08 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/08 18:15:42 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/08 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/08 18:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/08 18:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/08/08 16:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/08 16:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/08 14:45:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/08 14:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/08 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/08 14:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/08/08 14:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/12 22:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ChessBase
[2012/07/12 22:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\ChatZum Toolbar
[2012/07/12 22:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChessBase
[2012/07/12 16:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/07/12 13:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (English)
[2012/07/12 13:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/12 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/07/11 00:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2012/07/11 00:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 14:56:14 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/09 14:56:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 14:56:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 14:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 14:55:50 | 2075,054,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 14:13:33 | 000,025,088 | ---- | M] () -- C:\Users\paul 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 14:12:46 | 000,006,080 | ---- | M] () -- C:\Users\paul 2\AppData\Local\d3d9caps.dat
[2012/08/09 13:08:54 | 103,289,042 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/09 12:21:23 | 000,000,830 | ---- | M] () -- C:\Users\paul 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 11:54:54 | 000,320,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/09 09:48:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/09 09:48:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/08 18:20:56 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/08 18:20:24 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/08 15:26:03 | 216,417,990 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/22 00:28:53 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 00:28:53 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 14:12:15 | 2075,054,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/09 13:08:54 | 103,289,042 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/09 12:21:23 | 000,000,830 | ---- | C] () -- C:\Users\paul 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 09:48:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/09 09:48:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/08 18:20:56 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 17:25:14 | 000,006,080 | ---- | C] () -- C:\Users\paul 2\AppData\Local\d3d9caps.dat
[2012/05/19 13:27:34 | 000,025,088 | ---- | C] () -- C:\Users\paul 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/14 18:46:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/06/30 08:45:36 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2012/08/08 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\AVG2012
[2012/06/23 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\BitTorrent
[2012/08/09 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\uTorrent
[2012/08/09 14:54:58 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by peejaygee, 09 August 2012 - 11:05 AM.

#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello peejaygee and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

# Step 1 #
Download adwCleaner
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

# Step 2 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#3
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi. I have completed the first scan but the second scan keeps crashing my system.

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 10:05:21
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : paul 2 - PAUL-PC
# Running from : C:\Users\paul 2\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [943 octets] - [11/08/2012 10:05:21]

########## EOF - C:\AdwCleaner[S1].txt - [1070 octets] ##########

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Hi. I have completed the first scan but the second scan keeps crashing my system.

Ok.

# Step 1 #
  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

# Step 2 #
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

The report has the following format: MBRCheck_Date_Time.
For example: MBRCheck_05.13.12_22.35.11

#5
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ61 Notebook PC
Logical Drives Mask: 0x0001003c

Kernel Drivers (total 195):
0x81C13000 \SystemRoot\system32\ntkrnlpa.exe
0x81FCE000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046F000 \SystemRoot\system32\PSHED.dll
0x80480000 \SystemRoot\system32\BOOTVID.dll
0x80488000 \SystemRoot\system32\CLFS.SYS
0x804C9000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\System32\Drivers\spkn.sys
0x8078D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80796000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805A9000 \SystemRoot\system32\drivers\acpi.sys
0x807BC000 \SystemRoot\system32\drivers\msisadrv.sys
0x807C4000 \SystemRoot\system32\drivers\pci.sys
0x807EB000 \SystemRoot\system32\drivers\isapnp.sys
0x82209000 \SystemRoot\system32\drivers\mpio.sys
0x82225000 \SystemRoot\System32\drivers\partmgr.sys
0x82234000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82237000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82241000 \SystemRoot\system32\drivers\volmgr.sys
0x82250000 \SystemRoot\System32\drivers\volmgrx.sys
0x8229A000 \SystemRoot\system32\drivers\intelide.sys
0x822A1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x822AF000 \SystemRoot\system32\drivers\aliide.sys
0x822B6000 \SystemRoot\system32\drivers\amdide.sys
0x822BD000 \SystemRoot\system32\drivers\cmdide.sys
0x822C5000 \SystemRoot\System32\drivers\mountmgr.sys
0x822D5000 \SystemRoot\system32\drivers\msdsm.sys
0x822EF000 \SystemRoot\system32\drivers\nvraid.sys
0x8230A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8232B000 \SystemRoot\system32\drivers\pciide.sys
0x82332000 \SystemRoot\system32\drivers\viaide.sys
0x8233A000 \SystemRoot\system32\drivers\iastorv.sys
0x823DB000 \SystemRoot\system32\drivers\atapi.sys
0x83401000 \SystemRoot\system32\drivers\ataport.SYS
0x8341F000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x83439000 \SystemRoot\system32\drivers\storport.sys
0x8347A000 \SystemRoot\system32\drivers\msahci.sys
0x83484000 \SystemRoot\system32\drivers\hpcisss.sys
0x8348F000 \SystemRoot\system32\drivers\adp94xx.sys
0x834F9000 \SystemRoot\system32\drivers\adpahci.sys
0x83545000 \SystemRoot\system32\drivers\adpu160m.sys
0x83560000 \SystemRoot\system32\drivers\adpu320.sys
0x83586000 \SystemRoot\system32\drivers\djsvs.sys
0x8359A000 \SystemRoot\system32\drivers\arc.sys
0x835B0000 \SystemRoot\system32\drivers\arcsas.sys
0x8360F000 \SystemRoot\system32\drivers\elxstor.sys
0x836A3000 \SystemRoot\system32\drivers\i2omp.sys
0x836AD000 \SystemRoot\system32\drivers\iirsp.sys
0x836BD000 \SystemRoot\system32\drivers\iteatapi.sys
0x836C9000 \SystemRoot\system32\drivers\iteraid.sys
0x836D5000 \SystemRoot\system32\drivers\lsi_fc.sys
0x836EF000 \SystemRoot\system32\drivers\lsi_sas.sys
0x83707000 \SystemRoot\system32\drivers\megasas.sys
0x83711000 \SystemRoot\system32\drivers\megasr.sys
0x837C8000 \SystemRoot\system32\drivers\mraid35x.sys
0x837D3000 \SystemRoot\system32\drivers\nfrd960.sys
0x837E1000 \SystemRoot\system32\drivers\nvstor.sys
0x88208000 \SystemRoot\system32\drivers\ql2300.sys
0x88340000 \SystemRoot\system32\drivers\ql40xx.sys
0x88395000 \SystemRoot\system32\drivers\sisraid2.sys
0x883A2000 \SystemRoot\system32\drivers\sisraid4.sys
0x883B7000 \SystemRoot\system32\drivers\symc8xx.sys
0x883C3000 \SystemRoot\system32\drivers\sym_hi.sys
0x883CE000 \SystemRoot\system32\drivers\sym_u3.sys
0x88401000 \SystemRoot\system32\drivers\uliahci.sys
0x8843D000 \SystemRoot\system32\drivers\ulsata.sys
0x8845E000 \SystemRoot\system32\drivers\ulsata2.sys
0x8848A000 \SystemRoot\system32\drivers\vsmraid.sys
0x884AB000 \SystemRoot\system32\drivers\fltmgr.sys
0x884DD000 \SystemRoot\system32\drivers\fileinfo.sys
0x884ED000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8860F000 \SystemRoot\system32\drivers\ndis.sys
0x8871A000 \SystemRoot\system32\drivers\msrpc.sys
0x88745000 \SystemRoot\system32\drivers\NETIO.SYS
0x8880A000 \SystemRoot\System32\drivers\tcpip.sys
0x888F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88A08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B17000 \SystemRoot\system32\drivers\wd.sys
0x88B1F000 \SystemRoot\system32\drivers\volsnap.sys
0x88B58000 \SystemRoot\System32\Drivers\spldr.sys
0x88B60000 \SystemRoot\system32\drivers\sbp2port.sys
0x88B75000 \SystemRoot\System32\Drivers\mup.sys
0x88B84000 \SystemRoot\System32\drivers\ecache.sys
0x88BAB000 \SystemRoot\system32\drivers\disk.sys
0x88BBC000 \SystemRoot\system32\drivers\crcdisk.sys
0x88BC5000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x88BCC000 \SystemRoot\system32\DRIVERS\avgidshx.sys
0x88BF2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8890E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88A00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C600000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CCFB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD9A000 \SystemRoot\System32\drivers\watchdog.sys
0x8CDA7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CDB2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDF0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8891D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CE0D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CF1B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CF40000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF53000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8CF58000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF63000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CF94000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF96000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CFA1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CFB9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CFBF000 \SystemRoot\System32\Drivers\atmrknj9.SYS
0x8CFF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8892F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8895D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88974000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8897F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x889A2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x889B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x889C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x889DA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CE0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8877F000 \SystemRoot\system32\DRIVERS\ks.sys
0x889EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x887A9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x887B6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x887EA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8855E000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x885C2000 \SystemRoot\system32\DRIVERS\portcls.sys
0x883D9000 \SystemRoot\system32\DRIVERS\drmk.sys
0x835C6000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x88600000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x889F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88800000 \SystemRoot\System32\Drivers\Null.SYS
0x885EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x837EE000 \??\C:\Windows\system32\drivers\avgtpx86.sys
0x88200000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x83600000 \SystemRoot\System32\drivers\vga.sys
0x8D004000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D025000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D02D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D035000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D040000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D04E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D057000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x8D065000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D07B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D08F000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8D0D7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D109000 \SystemRoot\system32\drivers\afd.sys
0x8D151000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D167000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D175000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D188000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D1C4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D1CE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D60F000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8D647000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D65E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D67F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D695000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D6A2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D6AD000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x95410000 \SystemRoot\System32\win32k.sys
0x8D6B7000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D6C1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95630000 \SystemRoot\System32\TSDDD.dll
0x95650000 \SystemRoot\System32\cdd.dll
0x8D6D0000 \SystemRoot\system32\drivers\luafv.sys
0x8D6EB000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x8D6F4000 \SystemRoot\system32\drivers\spsys.sys
0x8D7A3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D7B3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D7DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D7E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9980F000 \SystemRoot\system32\drivers\HTTP.sys
0x9987C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x99899000 \SystemRoot\system32\DRIVERS\bowser.sys
0x998B2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x998C7000 \SystemRoot\system32\drivers\mrxdav.sys
0x998E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99906000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9993F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99957000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9997F000 \SystemRoot\System32\DRIVERS\srv.sys
0x999E6000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xAB60E000 \SystemRoot\system32\drivers\peauth.sys
0xAB6EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB6F6000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xAB78A000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xAB7C0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB7CC000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0xAB7D1000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xAB7F2000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x77990000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
680 csrss.exe
724 C:\Windows\System32\wininit.exe
744 csrss.exe
776 C:\Windows\System32\services.exe
792 C:\Windows\System32\lsass.exe
804 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
1372 C:\Windows\System32\audiodg.exe
1416 C:\Windows\System32\SLsvc.exe
1476 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\svchost.exe
1924 C:\Windows\System32\spoolsv.exe
1936 C:\Windows\System32\dwm.exe
1944 C:\Windows\System32\taskeng.exe
2012 C:\Windows\explorer.exe
2040 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
1548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1684 C:\Program Files\AVG\AVG2012\avgfws.exe
1832 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
652 C:\Program Files\Bonjour\mDNSResponder.exe
2060 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2168 C:\Windows\System32\svchost.exe
2284 C:\Program Files\SMINST\BLService.exe
2316 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2584 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2628 C:\Windows\System32\svchost.exe
2652 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
2676 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\SearchIndexer.exe
2756 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
3448 C:\Windows\System32\igfxtray.exe
3472 C:\Windows\System32\hkcmd.exe
3484 C:\Windows\System32\igfxsrvc.exe
3552 C:\Windows\System32\taskeng.exe
3784 C:\Windows\System32\igfxpers.exe
3816 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3844 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3852 C:\Program Files\IDT\WDM\sttray.exe
3880 C:\Program Files\HP\QuickPlay\QPService.exe
4004 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2752 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2784 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
292 C:\Program Files\AVG\AVG2012\avgtray.exe
2916 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
840 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
980 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3752 WmiPrvSE.exe
4048 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
1608 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
3252 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4860 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5492 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4504 C:\Windows\System32\wuauclt.exe
4768 C:\Program Files\AVG\AVG2012\avgcfgex.exe
4052 C:\Windows\System32\SearchProtocolHost.exe
5688 C:\Windows\System32\SearchFilterHost.exe
4204 C:\Users\paul 2\Downloads\MBRCheck(1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`e2500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
    IE - HKLM\..\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKCU\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
    IE - HKCU\..\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    
    :Files
    Type C:\Windows\DeleteOnReboot.bat /c
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #
Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter 0 and press Enter

The program will ask for the file name to dump to; type dump.dat and press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop, then attach it to your next reply.

If you don't have permission to attach the dump.dat, compress the file using WinRAR and try again.
  • 0
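Added example, not part of the original thread and not MBRCheck's own code: a Python sketch of how a helper could triage the dump.dat requested above, assuming it is a raw 512-byte copy of sector 0. The function names, the filler boot code and the sector counts are constructed; the two partition start offsets are the ones shown for C: and D: in the MBRCheck report in post #5, and the SHA-1 computed here covers only the 440 boot-code bytes, which is not claimed to be what MBRCheck hashes.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512           # one legacy MBR sector
BOOT_CODE_LEN = 440         # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446          # four 16-byte partition entries start here
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sectors
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(data, known_good_sha1=()):
    """Parse a 512-byte MBR dump; return its fields plus a list of findings."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(data)))

    findings = []
    boot_code = bytes(data[:BOOT_CODE_LEN])
    sha1 = hashlib.sha1(boot_code).hexdigest().upper()

    if bytes(data[510:512]) != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if not any(boot_code):
        findings.append("boot code area is all zeros")
    # Optional allowlist: hashes taken from reference dumps the analyst trusts.
    if known_good_sha1 and sha1 not in {h.upper() for h in known_good_sha1}:
        findings.append("boot code SHA-1 not in the supplied known-good list")

    partitions = []
    for index in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, data, TABLE_OFFSET + index * 16)
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02X" % (index, status))
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type_name": TYPE_NAMES.get(ptype, "type 0x%02X" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })

    if sum(1 for p in partitions if p["active"]) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append("partitions overlap: entry %d and entry %d"
                            % (first["index"], second["index"]))

    return {
        "boot_code_sha1": sha1,
        "disk_signature": struct.unpack_from("<I", data, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr(second_start=0x23F12800):
    """Constructed sample sector; the boot code is filler, not real boot code."""
    boot_code = bytes((i * 7) % 256 for i in range(BOOT_CODE_LEN))
    disk_signature = struct.pack("<I", 0x12345678)       # constructed value
    entries = (
        # LBA 2048 * 512 = 0x100000, the C: offset in the report
        struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 0x23F12000)
        # LBA 0x23F12800 * 512 = 0x47E2500000, the D: offset in the report
        + struct.pack(ENTRY_FORMAT, 0x00, 0x07, second_start, 22000000)
        + bytes(32)                                      # two unused slots
    )
    return boot_code + disk_signature + b"\x00\x00" + entries + b"\x55\xaa"


if __name__ == "__main__":
    # Pass the path of a dump file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            sector = handle.read()
    else:
        sector = build_sample_mbr()
    report = parse_mbr(sector)
    print("Boot code SHA-1:", report["boot_code_sha1"])
    print("Disk signature : 0x%08X" % report["disk_signature"])
    for part in report["partitions"]:
        print("  entry %(index)d  %(type_name)-12s active=%(active)s  "
              "offset=0x%(byte_offset)X  sectors=%(sectors)d" % part)
    for finding in report["findings"] or ["no structural findings"]:
        print("  *", finding)
```

A clean structural result only says the partition table is well formed; whether the boot code itself is the expected one still depends on comparing its hash against a reference the analyst trusts.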

#7
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D55C3E3D-7558-4D69-BF55-13EA5B6A199E}\ not found.
========== FILES ==========
< Type C:\Windows\DeleteOnReboot.bat /c >
rmdir /s /q "C:\Program Files\Common Files\AVG Secure Search"
del /f /q "C:\Windows\DeleteOnReboot.bat">nul 2>&1
c:\Users\paul 2\Downloads\cmd.bat deleted successfully.
c:\Users\paul 2\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08122012_193826


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ61 Notebook PC
Logical Drives Mask: 0x0001003c

Kernel Drivers (total 195):
0x81C4C000 \SystemRoot\system32\ntkrnlpa.exe
0x81C19000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046B000 \SystemRoot\system32\PSHED.dll
0x8047C000 \SystemRoot\system32\BOOTVID.dll
0x80484000 \SystemRoot\system32\CLFS.SYS
0x804C5000 \SystemRoot\system32\CI.dll
0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80692000 \SystemRoot\System32\Drivers\spia.sys
0x80793000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805A5000 \SystemRoot\system32\drivers\acpi.sys
0x807C2000 \SystemRoot\system32\drivers\msisadrv.sys
0x807CA000 \SystemRoot\system32\drivers\pci.sys
0x807F1000 \SystemRoot\system32\drivers\isapnp.sys
0x82202000 \SystemRoot\system32\drivers\mpio.sys
0x8221E000 \SystemRoot\System32\drivers\partmgr.sys
0x8222D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82230000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8223A000 \SystemRoot\system32\drivers\volmgr.sys
0x82249000 \SystemRoot\System32\drivers\volmgrx.sys
0x82293000 \SystemRoot\system32\drivers\intelide.sys
0x8229A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x822A8000 \SystemRoot\system32\drivers\aliide.sys
0x822AF000 \SystemRoot\system32\drivers\amdide.sys
0x822B6000 \SystemRoot\system32\drivers\cmdide.sys
0x822BE000 \SystemRoot\System32\drivers\mountmgr.sys
0x822CE000 \SystemRoot\system32\drivers\msdsm.sys
0x822E8000 \SystemRoot\system32\drivers\nvraid.sys
0x82303000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82324000 \SystemRoot\system32\drivers\pciide.sys
0x8232B000 \SystemRoot\system32\drivers\viaide.sys
0x82333000 \SystemRoot\system32\drivers\iastorv.sys
0x823D4000 \SystemRoot\system32\drivers\atapi.sys
0x823DC000 \SystemRoot\system32\drivers\ataport.SYS
0x83403000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8341D000 \SystemRoot\system32\drivers\storport.sys
0x8345E000 \SystemRoot\system32\drivers\msahci.sys
0x83468000 \SystemRoot\system32\drivers\hpcisss.sys
0x83473000 \SystemRoot\system32\drivers\adp94xx.sys
0x834DD000 \SystemRoot\system32\drivers\adpahci.sys
0x83529000 \SystemRoot\system32\drivers\adpu160m.sys
0x83544000 \SystemRoot\system32\drivers\adpu320.sys
0x8356A000 \SystemRoot\system32\drivers\djsvs.sys
0x8357E000 \SystemRoot\system32\drivers\arc.sys
0x83594000 \SystemRoot\system32\drivers\arcsas.sys
0x8360D000 \SystemRoot\system32\drivers\elxstor.sys
0x836A1000 \SystemRoot\system32\drivers\i2omp.sys
0x836AB000 \SystemRoot\system32\drivers\iirsp.sys
0x836BB000 \SystemRoot\system32\drivers\iteatapi.sys

Processes (total 67):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
764 csrss.exe
808 C:\Windows\System32\wininit.exe
828 csrss.exe
860 C:\Windows\System32\services.exe
872 C:\Windows\System32\lsass.exe
880 C:\Windows\System32\lsm.exe
992 C:\Windows\System32\winlogon.exe
1060 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
1448 C:\Windows\System32\audiodg.exe
1492 C:\Windows\System32\SLsvc.exe
1532 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\taskeng.exe
696 C:\Windows\System32\dwm.exe
1072 C:\Windows\explorer.exe
1904 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
492 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1684 C:\Program Files\AVG\AVG2012\avgfws.exe
2176 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2228 C:\Windows\System32\igfxtray.exe
2252 C:\Program Files\Bonjour\mDNSResponder.exe
2260 C:\Windows\System32\hkcmd.exe
2280 C:\Windows\System32\igfxpers.exe
2336 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2456 C:\Windows\System32\igfxsrvc.exe
2552 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2564 C:\Windows\System32\svchost.exe
2584 C:\Program Files\IDT\WDM\sttray.exe
2644 C:\Program Files\SMINST\BLService.exe
2736 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3032 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
3060 C:\Windows\System32\svchost.exe
3096 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
3192 C:\Windows\System32\svchost.exe
3224 C:\Windows\System32\SearchIndexer.exe
3264 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
3316 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2536 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3080 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2692 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3204 C:\Program Files\AVG\AVG2012\avgtray.exe
3272 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3152 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3644 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3280 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3852 WmiPrvSE.exe
4100 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4292 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4376 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5104 C:\Windows\System32\taskeng.exe
5512 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6080 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6068 C:\Windows\System32\wuauclt.exe
6008 C:\Program Files\AVG\AVG2012\avgcfgex.exe
856 C:\Windows\System32\SearchProtocolHost.exe
3584 C:\Windows\System32\SearchFilterHost.exe
5588 C:\Users\paul 2\Downloads\MBRCheck(1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`e2500000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!
  • 0

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I need you to attach the dump.dat file

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop then attach it on your next reply.

If you don't have permission to attach the dump.dat, compress the file using Winrar and try again.

:thumbsup:
  • 0

#9
peejaygee

    Member

  • Topic Starter
  • 39 posts
Attached File  MBRCheck_08.12.12_23.04.14.txt   15.03KB   37 downloads
  • 0

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

This is not the Dump.dat log.

Please try again:

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter 0 and press Enter

The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see a Dumped successfully message. Type -1 and press Enter twice to exit the program. Save the dump.dat file to your desktop then attach it on your next reply.

If you don't have permission to attach the dump.dat, compress the file using Winrar and try again.


  • 0


#11
peejaygee

    Member

  • Topic Starter
  • 39 posts
Attached File  dump.dat   512bytes   25 downloads
  • 0
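
The 512-byte dump.dat requested above is a single disk sector: boot code, a four-entry partition table and the 0x55AA signature. The following Python is an added example, not part of the thread and not MBRCheck's own code; it parses such a dump, hashes the boot-code area and flags structural anomalies. The function names, the 440-byte hash range and the sample sector are assumptions made for illustration; the sample is constructed so that its partition offsets match the C: and D: offsets in the MBRCheck log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439 hold boot code (assumed hash range)
TABLE_OFFSET = 446    # four 16-byte partition entries start here
ENTRY_LEN = 16


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR dump and list structural anomalies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")

    findings = []
    signature_ok = sector[510:512] == b"\x55\xaa"
    if not signature_ok:
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_LEN
        raw = sector[start:start + ENTRY_LEN]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status byte 0x{status:02X}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })

    if sum(1 for p in partitions if p["active"]) > 1:
        findings.append("more than one active partition")

    # Overlapping entries point to a damaged or tampered table.
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"entries {prev['index']} and {cur['index']} overlap")

    return {
        "signature_ok": signature_ok,
        # Compare this against a hash recorded from a known-good install.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample(d_start_lba: int = 603006976) -> bytes:
    """Constructed sample sector; the boot code is a placeholder, not real code."""
    chs = b"\xfe\xff\xff"                   # placeholder CHS fields
    boot_code = b"\xfa" + bytes(BOOT_CODE_LEN - 1)
    disk_id = bytes(6)                      # disk signature + reserved bytes
    c_entry = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 2048, 603004928)
    d_entry = struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, d_start_lba, 22124544)
    empty = bytes(ENTRY_LEN)
    return boot_code + disk_id + c_entry + d_entry + empty + empty + b"\x55\xaa"


if __name__ == "__main__":
    report = parse_mbr(build_sample())
    print("signature ok:", report["signature_ok"])
    print("boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02X} "
              f"offset 0x{p['byte_offset']:X} active={p['active']}")
    print("findings:", report["findings"] or "none")
```

A clean structural result says nothing about whether the boot code itself is standard; that judgement comes from comparing the hash with a trusted reference.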

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.
  • 0

#13
peejaygee

    Member

  • Topic Starter
  • 39 posts
My computer seems to be running faster and has not frozen; however, the chatzum toolbar is still there.

ComboFix 12-08-13.01 - paul 2 13/08/2012 18:13:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1978.983 [GMT 1:00]
Running from: c:\users\paul 2\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 17:21 . 2012-08-13 17:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-13 17:21 . 2012-08-13 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 09:26 . 2012-08-13 09:26 -------- d-----w- c:\users\paul 2\AppData\Local\Apple
2012-08-13 09:14 . 2012-08-13 09:14 -------- d-----w- C:\found.000
2012-08-12 21:47 . 2012-08-12 21:47 -------- d-----w- c:\users\paul 2\AppData\Roaming\Media Player Classic
2012-08-12 18:38 . 2012-08-12 18:38 -------- d-----w- C:\_OTL
2012-08-11 09:05 . 2012-08-11 09:05 115 ----a-w- c:\windows\DeleteOnReboot.bat
2012-08-09 07:24 . 2012-08-09 10:52 -------- d-----w- c:\users\paul 2\AppData\Roaming\uTorrent
2012-08-08 17:24 . 2012-08-08 17:25 -------- d-----w- c:\users\paul 2\AppData\Roaming\AVG2012
2012-08-08 17:20 . 2012-08-08 17:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-08 17:20 . 2012-08-10 09:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-08 17:15 . 2012-08-08 17:15 -------- d-----w- C:\$AVG
2012-08-08 17:15 . 2012-08-13 13:21 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-08 17:15 . 2012-08-08 17:38 -------- d-----w- c:\programdata\AVG2012
2012-08-08 17:10 . 2012-08-08 17:10 -------- d-----w- c:\program files\AVG
2012-08-08 15:57 . 2012-08-13 13:21 -------- d-----w- c:\programdata\MFAData
2012-08-08 15:57 . 2012-08-08 15:57 -------- d--h--w- c:\programdata\Common Files
2012-08-08 13:08 . 2012-08-08 13:08 -------- d-----w- c:\program files\Common Files\Java
2012-08-08 13:05 . 2012-08-08 13:05 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-08 13:05 . 2012-08-08 13:05 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-08 13:01 . 2012-08-08 13:01 -------- d-----w- c:\programdata\McAfee
2012-08-08 10:54 . 2012-08-08 10:54 -------- d-----w- c:\users\Guest\AppData\Roaming\uTorrent
2012-08-07 21:25 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A732662-3FD7-4D3C-A36D-9BD9286A3A89}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 03:48 . 2012-07-04 03:48 3861472 ----a-w- C:\chatzum.exe
2012-05-31 11:25 . 2009-12-22 04:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-14 00:17 . 2012-08-09 11:21 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-07 06:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-07-23 c:\windows\Tasks\HPCeeScheduleForpaul.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-iLivid - c:\program files\iLivid\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 18:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-13 18:25:40
ComboFix-quarantined-files.txt 2012-08-13 17:25
.
Pre-Run: 235,249,364,992 bytes free
Post-Run: 252,702,859,264 bytes free
.
- - End Of File - - 40EE0E976BEF5E95B1C35CBEBC891AEC
  • 0

#14
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

My computer seems to be running faster and has not frozen; however, the chatzum toolbar is still there.

OK. I will remove it now.

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


  • 0

#15
peejaygee

    Member

  • Topic Starter
  • 39 posts
OTL logfile created on: 13/08/2012 19:29:10 - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = c:\Users\paul 2\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 57.00% Memory free
4.10 Gb Paging File | 3.09 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.54 Gb Total Space | 235.62 Gb Free Space | 81.94% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: paul 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 14:46:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- c:\Users\paul 2\Downloads\OTL(1).exe
PRC - [2012/08/08 18:20:21 | 000,927,840 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe
PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/02/28 15:44:25 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/10/09 16:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:29:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012/02/22 20:27:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2012/02/22 20:27:36 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2012/02/22 20:27:35 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2012/02/22 20:27:35 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/22 20:27:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012/02/22 20:25:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012/02/22 20:25:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012/02/22 20:25:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012/02/22 20:25:13 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2012/02/22 20:25:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2012/02/22 20:24:59 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2012/02/22 20:24:40 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2012/02/22 20:24:25 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2012/02/22 20:24:21 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012/02/22 20:24:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/07/27 19:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/21 03:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/08 18:20:21 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 21:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PAUL2~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at25ph0u)
DRV - [2012/08/08 18:20:24 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 01:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/10/24 23:43:24 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/08 18:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/10 10:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/20 00:19:55 | 000,000,000 | ---D | M]

[2012/05/19 13:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Extensions
[2012/08/10 10:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\extensions
[2012/08/08 14:07:55 | 000,002,306 | ---- | M] () -- C:\Users\paul 2\AppData\Roaming\Mozilla\Firefox\Profiles\yl4r7yzt.default\searchplugins\askcomsearch.xml
[2012/08/09 12:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/08 14:05:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/08 18:16:00 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Users\paul 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/13 18:23:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC9AC7EB-763C-4D0E-888A-79FB8EA56FAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 19:26:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/13 18:25:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/13 18:12:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/13 18:01:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/13 18:01:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/13 18:01:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/13 18:00:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/13 18:00:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 10:26:13 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Local\Apple
[2012/08/13 10:14:12 | 000,000,000 | ---D | C] -- C:\found.000
[2012/08/12 22:50:25 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\WinRAR
[2012/08/12 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\Media Player Classic
[2012/08/12 19:38:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/09 12:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/09 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\uTorrent
[2012/08/08 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\paul 2\AppData\Roaming\AVG2012
[2012/08/08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/08 18:20:24 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/08 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/08 18:15:42 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/08 18:15:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/08 18:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/08 18:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/08/08 16:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/08 16:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/08 14:45:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/08 14:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/08 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/08 14:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 19:27:02 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/13 19:26:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 19:26:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 19:26:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 19:26:26 | 2073,006,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 18:23:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/13 18:12:11 | 000,001,224 | ---- | M] () -- C:\Users\paul 2\Desktop\ComboFix.exe - Shortcut.lnk
[2012/08/13 15:15:32 | 000,006,080 | ---- | M] () -- C:\Users\paul 2\AppData\Local\d3d9caps.dat
[2012/08/13 14:21:15 | 103,696,573 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/13 11:10:20 | 000,000,696 | ---- | M] () -- C:\Users\paul 2\Desktop\dump.dat - Shortcut.lnk
[2012/08/13 11:08:51 | 000,000,512 | ---- | M] () -- C:\Windows\System32\dump.dat
[2012/08/11 12:36:26 | 169,277,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/11 10:05:29 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012/08/10 11:00:06 | 000,000,512 | ---- | M] () -- C:\Users\paul 2\Documents\MBR.dat
[2012/08/09 14:13:33 | 000,025,088 | ---- | M] () -- C:\Users\paul 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 12:21:23 | 000,000,830 | ---- | M] () -- C:\Users\paul 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 11:54:54 | 000,320,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/09 09:48:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/09 09:48:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/08 18:20:56 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/08 18:20:24 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/22 00:28:53 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 00:28:53 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 18:02:51 | 000,001,224 | ---- | C] () -- C:\Users\paul 2\Desktop\ComboFix.exe - Shortcut.lnk
[2012/08/13 18:01:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/13 18:01:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/13 18:01:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/13 18:01:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/13 18:01:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/13 14:21:15 | 103,696,573 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/13 11:07:27 | 000,000,696 | ---- | C] () -- C:\Users\paul 2\Desktop\dump.dat - Shortcut.lnk
[2012/08/12 19:59:01 | 000,000,512 | ---- | C] () -- C:\Windows\System32\dump.dat
[2012/08/11 10:05:26 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012/08/10 11:00:06 | 000,000,512 | ---- | C] () -- C:\Users\paul 2\Documents\MBR.dat
[2012/08/09 14:12:15 | 2073,006,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/09 12:21:23 | 000,000,830 | ---- | C] () -- C:\Users\paul 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/09 12:21:23 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 09:48:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/09 09:48:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/08 18:20:56 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 17:25:14 | 000,006,080 | ---- | C] () -- C:\Users\paul 2\AppData\Local\d3d9caps.dat
[2012/05/19 13:27:34 | 000,025,088 | ---- | C] () -- C:\Users\paul 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/14 18:46:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/06/30 08:45:36 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2012/08/08 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\AVG2012
[2012/06/23 11:17:16 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\BitTorrent
[2012/08/09 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\paul 2\AppData\Roaming\uTorrent
[2012/08/13 19:25:27 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >