Internet Explorer goes nonresponsive



#1
Carver239

    Member

  • 13 posts
My computer is very slow, even during the startup. When surfing the internet it is extremely slow and Internet Explorer goes nonresponsive. I am using Windows XP. Can you help me clean this up? Any help will be greatly appreciated.

OTL logfile created on: 9/24/2012 9:43:34 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Documents and Settings\Earl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 95.97 Mb Available Physical Memory | 9.46% Memory free
2.39 Gb Paging File | 1.49 Gb Available in Paging File | 62.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 20.52 Gb Free Space | 18.36% Space Free | Partition Type: NTFS

Computer Name: EARL-UI0F03F9Z3 | User Name: Earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/24 09:43:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
PRC - [2012/09/03 20:19:47 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/03 20:19:28 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/30 21:43:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/05 18:09:48 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/12/05 18:01:24 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/12/05 17:42:18 | 000,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/03 20:20:04 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 20:19:50 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/03 20:19:47 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
MOD - [2012/09/03 20:19:28 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/09/03 20:19:20 | 001,734,240 | ---- | M] () -- C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
MOD - [2012/06/14 08:29:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/05/10 08:34:08 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/10 00:23:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 00:23:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 00:23:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/07/09 20:58:18 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/12/05 18:09:48 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/12/05 18:09:12 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/12/05 18:09:12 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2006/08/02 01:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 01:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service -- (avast! Web Scanner)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service -- (avast! Mail Scanner)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/03 20:19:47 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/12/05 18:01:24 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/12/05 17:42:18 | 000,249,856 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\AegisP.sys -- (AegisP)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\7197302drv.sys -- (7197302drv)
DRV - [2012/09/03 20:19:55 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/02/20 18:29:38 | 000,005,760 | ---- | M] (Lenovo) [Kernel | Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\WAM.sys -- (WAM)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/01 11:19:03 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/06/26 10:27:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/11/26 13:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 13:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 13:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 13:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 13:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 13:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/12/14 06:04:24 | 000,551,680 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/12/05 17:42:20 | 000,046,656 | ---- | M] (Lenovo) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2007/08/10 14:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/05/22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/08 18:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/08/30 15:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/27 06:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/17 11:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/17 11:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/17 11:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/17 11:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/17 11:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/17 17:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005/03/29 19:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://everythingy.com/ie/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://everythingy.com/news.phpht [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000fb0d2402b
IE - HKCU\..\SearchScopes\{3F00AD72-339A-4EE9-B036-24C3B93D9153}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{466BDFD6-2DDB-4ADF-B124-34B9974258E3}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{485CDCEA-9BC6-4366-8CDE-A897D6B96442}: "URL" = http://www.everythin...{inputEncoding}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7_____en
IE - HKCU\..\SearchScopes\{7048D4EA-4B47-4DBF-8E2B-CEFF9BE13C78}: "URL" = http://www.everythin...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-23 15:53:22&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9640E2C1-C9E3-469D-855B-39277321CDE7}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...q={searchTerms}
IE - HKCU\..\SearchScopes\{F09FC790-EFC3-469A-93A1-4CEA897B7A1F}: "URL" = http://www.everythin...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Earl\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/09/03 20:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 15:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/30 21:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/17 09:39:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 15:18:19 | 000,000,000 | ---D | M]

[2011/04/01 10:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/19 14:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Earl\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238557606531 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E428CC9-04B6-4362-952A-31CD8285B0B3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Earl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Earl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmLfGy) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/19 22:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell - "" = AutoRun
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell - "" = AutoRun
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 09:43:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
[2012/09/17 09:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/03 20:19:55 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/24 09:43:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
[2012/09/24 09:25:05 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1A4C851-AB0E-4AFD-AA1B-A0A42D7CBC36}.job
[2012/09/24 09:03:28 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-562591055-1801674531-1004UA.job
[2012/09/24 08:35:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/09/24 08:35:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/09/24 08:31:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/24 08:31:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/23 22:33:05 | 095,595,689 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/23 09:33:41 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012/09/22 17:59:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-562591055-1801674531-1004Core.job
[2012/09/22 15:44:51 | 000,484,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/22 15:44:51 | 000,081,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/18 18:27:23 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\Microsoft Works Calendar.lnk
[2012/09/16 18:19:39 | 000,381,354 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/15 12:29:50 | 000,015,184 | ---- | M] () -- C:\Documents and Settings\Earl\Application Data\wklnhst.dat
[2012/09/13 09:53:59 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/13 01:39:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/10 11:01:09 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Earl\My Documents\spider.sav
[2012/09/03 20:19:55 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/17 20:06:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/09/17 20:06:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/08/25 09:52:58 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\dt.dat
[2012/07/20 16:03:21 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Earl\elists.db
[2012/05/01 08:53:54 | 000,381,228 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_image32.Cache
[2012/03/16 16:05:58 | 000,207,256 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp
[2012/03/16 15:51:50 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2012/03/16 15:02:25 | 000,206,559 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2012/03/16 15:02:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2012/02/14 18:25:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/07 22:53:22 | 000,123,087 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2012/01/07 22:53:22 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2012/01/07 22:35:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/07/09 20:58:18 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/07/09 20:58:18 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/04/28 22:43:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ANNOUNCE.INI
[2011/03/07 16:21:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\winscp.rnd
[2011/02/19 21:02:07 | 000,200,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-562591055-1801674531-1004-0.dat
[2011/02/19 06:55:56 | 000,200,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/15 13:25:15 | 000,315,038 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\fontlst2.opf
[2010/11/15 13:09:30 | 000,172,128 | R--- | C] () -- C:\WINDOWS\_isusr32.dll
[2010/11/15 13:09:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2010/11/05 17:41:30 | 000,015,184 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\wklnhst.dat
[2008/08/25 10:48:43 | 000,122,264 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_audio.Cache
[2008/01/30 11:01:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/29 21:33:00 | 004,281,776 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_image.Cache

========== ZeroAccess Check ==========

[2008/01/19 23:41:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/11 11:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2012/09/03 20:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/09/23 11:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/07 22:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/02/15 14:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/15 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Document Manager
[2011/02/19 05:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2009/01/05 14:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/02/28 13:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/26 03:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Libronix DLS
[2009/01/29 17:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2012/09/24 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/08/03 20:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/07/11 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/04/26 13:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2011/10/24 20:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2011/11/05 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/07/30 10:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/04/25 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/11/21 16:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/01 08:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Worship Him Power Edition
[2009/12/02 14:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 22:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/11 10:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\AVG
[2011/09/23 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\AVG Secure Search
[2011/02/15 14:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\AVG10
[2011/09/23 11:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\AVG2012
[2012/01/07 22:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Babylon
[2010/11/15 13:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Desktop Document Manager
[2009/07/01 11:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Downloaded Installations
[2008/08/04 14:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\EPSON
[2011/03/01 13:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\GARMIN
[2009/06/14 07:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Image Zone Express
[2009/01/05 14:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\iolo
[2008/07/26 03:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Leadertech
[2008/07/26 03:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Lenovo
[2008/07/26 03:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Libronix DLS
[2012/02/27 19:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\OpenSong
[2010/11/15 13:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Sharp
[2012/04/25 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Simple Star
[2009/11/21 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\SmartDraw
[2008/07/26 03:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Softouch
[2009/04/11 15:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\SwordSearcher 5
[2011/12/10 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\TeamViewer
[2010/11/05 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Template
[2012/07/09 19:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl\Application Data\Toolbar4

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


OTL Extras logfile created on: 9/24/2012 9:43:34 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Documents and Settings\Earl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 95.97 Mb Available Physical Memory | 9.46% Memory free
2.39 Gb Paging File | 1.49 Gb Available in Paging File | 62.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 20.52 Gb Free Space | 18.36% Space Free | Partition Type: NTFS

Computer Name: EARL-UI0F03F9Z3 | User Name: Earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{0763E426-FB61-4CD3-B8C7-01A0F37CAAEB}" = Fingerprint Sensor Minimum Install
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX6000 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = LibronixUpdate
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Integrated Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6270F59-57C0-4924-B5EB-E79616B5590F}" = Garmin City Navigator North America NT 2011.40 Update
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2012
"Bicycle Card Games 1.0" = Bicycle Card Games
"ClickArt Christian Value 1.0" = ClickArt® Christian Value
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineBible" = Online Bible 12.20.02
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhotoRecord" = Canon PhotoRecord
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"Signature995" = Signature995
"Silent Package Run-Time Sample" = EPSON CX6000 Series User's Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.3.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineBible" = Online Bible 12.20.02

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/19/2009 9:50:29 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/19/2009 9:50:30 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 9:36:05 AM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 9:36:05 AM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 1:03:35 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 1:03:35 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 4:41:25 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 4:41:25 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 5:19:54 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

Error - 1/20/2009 5:19:54 PM | Computer Name = EARL-UI0F03F9Z3 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9/21/2012 8:44:27 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2012 9:32:52 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2012 12:13:04 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2012 12:13:05 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2012 2:59:06 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Google Update | ID = 20
Description =

Error - 9/22/2012 6:23:56 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.65.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2012 6:23:56 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.65.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2012 7:10:45 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2012 7:10:45 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/23/2012 7:10:46 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/22/2012 3:43:03 PM | Computer Name = EARL-UI0F03F9Z3 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user EARL-UI0F03F9Z3\Earl SID (S-1-5-21-1417001333-562591055-1801674531-1004).
This security permission can be modified using the Component Services administrative
tool.

Error - 9/22/2012 3:43:03 PM | Computer Name = EARL-UI0F03F9Z3 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user EARL-UI0F03F9Z3\Earl SID (S-1-5-21-1417001333-562591055-1801674531-1004).
This security permission can be modified using the Component Services administrative
tool.

Error - 9/22/2012 3:43:03 PM | Computer Name = EARL-UI0F03F9Z3 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user EARL-UI0F03F9Z3\Earl SID (S-1-5-21-1417001333-562591055-1801674531-1004).
This security permission can be modified using the Component Services administrative
tool.

Error - 9/22/2012 4:19:58 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v3.5.3.0 service failed to start
due to the following error: %%2

Error - 9/22/2012 4:19:58 PM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 9/23/2012 7:04:41 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v3.5.3.0 service failed to start
due to the following error: %%2

Error - 9/23/2012 7:04:41 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 9/23/2012 9:25:28 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0019D24500F5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/24/2012 8:33:45 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v3.5.3.0 service failed to start
due to the following error: %%2

Error - 9/24/2012 8:33:45 AM | Computer Name = EARL-UI0F03F9Z3 | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2


< End of report >


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Carver239,

Welcome to Geekstogo.

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

After that

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you return please post
  • aswMBR log
  • AdwCleaner log
  • MBAM scan report


#3
Carver239

Carver239

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
This is my 2nd attempt so I hope it works this time.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 12:31:47
-----------------------------
12:31:47.156 OS Version: Windows 5.1.2600 Service Pack 3
12:31:47.156 Number of processors: 2 586 0xE08
12:31:47.156 ComputerName: EARL-UI0F03F9Z3 UserName: Earl
12:31:51.750 Initialize success
12:37:58.750 AVAST engine defs: 12092800
12:43:01.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:43:01.171 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 0084002A Size: 114473MB BusType: 3
12:43:01.187 Disk 0 MBR read successfully
12:43:01.187 Disk 0 MBR scan
12:43:01.234 Disk 0 unknown MBR code
12:43:01.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
12:43:01.250 Disk 0 scanning sectors +234420480
12:43:01.312 Disk 0 scanning C:\WINDOWS\system32\drivers
12:43:21.468 Service scanning
12:44:04.109 Modules scanning
12:44:16.796 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
12:44:19.390 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
12:44:19.390 Disk 0 trace - called modules:
12:44:19.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:44:19.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87185ab8]
12:44:19.515 3 CLASSPNP.SYS[f751cfd7] -> nt!IofCallDriver -> \Device\00000085[0x87189278]
12:44:19.515 5 ACPI.sys[f7393620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87158940]
12:44:23.125 AVAST engine scan C:\WINDOWS
12:44:48.328 AVAST engine scan C:\WINDOWS\system32
12:49:27.000 AVAST engine scan C:\WINDOWS\system32\drivers
12:49:53.265 AVAST engine scan C:\Documents and Settings\Earl
13:10:59.296 File: C:\Documents and Settings\Earl\Local Settings\Temp\SkypeSetup.exe **HIDDEN**
13:11:00.578 File: C:\Documents and Settings\Earl\Local Settings\Temp\stubhelper.dll **HIDDEN**
13:11:04.265 File: C:\Documents and Settings\Earl\Local Settings\Temp\ToolbarInstaller.exe **HIDDEN**
13:11:20.078 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashBase.dll **HIDDEN**
13:11:20.921 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSSqlt.dll **HIDDEN**
13:11:21.578 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSXML.dll **HIDDEN**
13:11:22.203 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashTask.dll **HIDDEN**
13:11:23.390 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswAux.dll **HIDDEN**
13:11:25.437 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnB.dll **HIDDEN**
13:11:26.609 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnOS.dll **HIDDEN**
13:11:28.171 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnS.dll **HIDDEN**
13:11:30.421 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswEngin.dll **HIDDEN**
13:11:31.140 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswRes.dll **HIDDEN**
13:11:31.859 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswScan.dll **HIDDEN**
13:11:34.156 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\aswar0.dll **HIDDEN**
13:11:36.468 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\clnr0.dll **HIDDEN**
13:11:37.500 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\exts0.dll **HIDDEN**
13:11:39.265 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\uiaux0.dll **HIDDEN**
13:11:40.000 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\updldr0.bin **HIDDEN**
13:11:40.843 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\english\Base.dll **HIDDEN**
13:11:41.625 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcp71.dll **HIDDEN**
13:11:42.453 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcr71.dll **HIDDEN**
13:11:45.437 File: C:\Documents and Settings\Earl\Local Settings\Temp\_uninstall\_uninstall5564 **HIDDEN**
13:11:48.140 File: C:\Documents and Settings\Earl\Local Settings\Temp\{CD4F1242-7EB5-490C-8861-348FDC1F8B67}\{673E2CB8-8306-4F99-9DF9-6492C2F57072}\difxapi.dll **HIDDEN**
13:11:51.437 File: C:\Documents and Settings\Earl\Local Settings\Temp\~rnsetup\GEMSETUP\pnrs3260.dll **HIDDEN**
13:12:06.093 AVAST engine scan C:\Documents and Settings\All Users
13:20:49.140 Scan finished successfully
13:22:47.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Earl\Desktop\MBR.dat"
13:22:47.671 The log file has been saved successfully to "C:\Documents and Settings\Earl\Desktop\aswMBR -2.txt"



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Earl :: EARL-UI0F03F9Z3 [administrator]

9/28/2012 1:52:18 PM
mbam-log-2012-09-28 (13-52-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324872
Time elapsed: 1 hour(s), 40 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again Carver239,

A file to check and another OTL scan using the latest version.

Now

Please go to Virus Total

Click on the button Choose File

Copy/paste this file and path into the white box beside File Name in the window that pops up:

C:\Documents and Settings\Earl\Desktop\MBR.dat

Press Scan it - this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Next

Delete your copy of OTL and download the latest version.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    /md5start
    services.*
    wbemess.dill
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.


#5
Carver239

Carver239

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When I go to the virus tool and click on the Choose File button it takes me to the Malwarebytes folder. I paste C:\Documents and Settings\Earl\Desktop\MBR.dat into the file name box. Then a message pops up that says "File not found."

Now what do I do?

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hmm...

Leave my last instructions and do this instead:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan

  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button

  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.

  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

#7
Carver239

Carver239

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Nothing was working so I went back and tried the Virus Total scan and this time it worked.

This is the scan:
SHA256: 1daeb28e5f536ebf0875e09573386beca6838d05ef320c2aefe646c7fc6ad8f8
SHA1: 3eadc02d0460a0881ab87db1b1ffb8c315f4d645
MD5: 75d613b45a3bb93209dc0d0a1e9edcf0
File size: 512 bytes ( 512 bytes )
File name: MBR.dat
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-10-03 14:11:03 UTC ( 3 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20121003
AntiVir - 20121003
Antiy-AVL - 20121002
Avast - 20121003
AVG - 20121003
BitDefender - 20121003
ByteHero - 20121003
CAT-QuickHeal - 20121002
ClamAV - 20121003
Commtouch - 20121003
Comodo - 20121003
DrWeb - 20121003
Emsisoft - 20120919
eSafe - 20121002
eScan - 20121002
ESET-NOD32 - 20121003
F-Prot - 20120926
F-Secure - 20121003
Fortinet - 20121003
GData - 20121003
Ikarus - 20121003
Jiangmin - 20121002
K7AntiVirus - 20121002
Kaspersky - 20121003
McAfee - 20121003
McAfee-GW-Edition - 20121003
Microsoft - 20121003
Norman - 20121003
nProtect - 20121003
Panda - 20121002
PCTools - 20121003
Rising - 20120928
Sophos - 20121003
SUPERAntiSpyware - 20120911
Symantec - 20121003
TheHacker - 20121001
TotalDefense - 20121003
TrendMicro - 20121003
TrendMicro-HouseCall - 20121003
VBA32 - 20121003
VIPRE - 20121002
ViRobot - 20121003



OTL logfile created on: 10/3/2012 10:32:56 AM - Run 2
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Earl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 174.26 Mb Available Physical Memory | 17.18% Memory free
2.39 Gb Paging File | 1.24 Gb Available in Paging File | 51.82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 23.99 Gb Free Space | 21.46% Space Free | Partition Type: NTFS

Computer Name: EARL-UI0F03F9Z3 | User Name: Earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 10:29:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/30 21:43:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/05 18:09:48 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/12/05 18:01:24 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/12/05 17:42:18 | 000,249,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 08:29:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/05/10 08:34:08 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/10 00:23:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 00:23:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 00:23:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/07/09 20:58:18 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/12/05 18:09:48 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/12/05 18:09:12 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/12/05 18:09:12 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2006/08/02 01:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 01:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service -- (avast! Web Scanner)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service -- (avast! Mail Scanner)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/05 18:17:14 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/12/05 18:01:24 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/12/05 17:42:18 | 000,249,856 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\AegisP.sys -- (AegisP)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\7197302drv.sys -- (7197302drv)
DRV - [2012/09/03 20:19:55 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/01 11:19:03 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/06/26 10:27:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/11/26 13:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 13:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 13:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 13:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 13:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 13:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/12/14 06:04:24 | 000,551,680 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/12/05 17:42:20 | 000,046,656 | ---- | M] (Lenovo) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2007/08/10 14:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/05/22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/08 18:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/08/30 15:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/27 06:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/17 11:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/17 11:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/17 11:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/17 11:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/17 11:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/17 17:16:50 | 010,446,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2005/03/29 19:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://everythingy.com/ie/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://everythingy.com/news.phpht [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{3F00AD72-339A-4EE9-B036-24C3B93D9153}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{466BDFD6-2DDB-4ADF-B124-34B9974258E3}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{485CDCEA-9BC6-4366-8CDE-A897D6B96442}: "URL" = http://www.everythin...{inputEncoding}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7_____en
IE - HKCU\..\SearchScopes\{7048D4EA-4B47-4DBF-8E2B-CEFF9BE13C78}: "URL" = http://www.everythin...q={searchTerms}
IE - HKCU\..\SearchScopes\{9640E2C1-C9E3-469D-855B-39277321CDE7}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{F09FC790-EFC3-469A-93A1-4CEA897B7A1F}: "URL" = http://www.everythin...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Earl\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 15:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/30 21:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/17 09:39:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 15:18:19 | 000,000,000 | ---D | M]

[2011/04/01 10:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/19 14:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Earl\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Unable to open value key File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Reg Error: Unable to open value key)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Unable to open value key)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238557606531 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E428CC9-04B6-4362-952A-31CD8285B0B3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Earl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Earl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmLfGy) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/19 22:49:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell - "" = AutoRun
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6db13772-3e87-11de-9e80-000fb0d2402b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell - "" = AutoRun
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de804924-1fa3-11dd-9b27-0016cff43dc0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Unable to open value key File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 10:29:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
[2012/09/30 16:16:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Earl\Desktop\aswMBR.exe
[2012/09/30 15:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
[2012/09/27 00:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/09/27 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/09/17 09:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/03 20:19:55 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/03 10:29:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Earl\Desktop\OTL.exe
[2012/10/03 09:55:09 | 096,372,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/10/03 08:59:25 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-562591055-1801674531-1004UA.job
[2012/10/03 08:45:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/10/03 08:45:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1A4C851-AB0E-4AFD-AA1B-A0A42D7CBC36}.job
[2012/10/03 08:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/10/03 08:42:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/02 17:59:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-562591055-1801674531-1004Core.job
[2012/10/02 13:31:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012/10/02 10:05:44 | 000,004,626 | ---- | M] () -- C:\WINDOWS\MSWORKS3.INI
[2012/10/01 18:38:16 | 000,386,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/30 19:47:00 | 000,513,501 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\adwcleaner.exe
[2012/09/30 19:36:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\MBR.dat
[2012/09/30 16:16:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Earl\Desktop\aswMBR.exe
[2012/09/30 16:06:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/28 13:50:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 15:44:51 | 000,484,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/22 15:44:51 | 000,081,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/18 18:27:23 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Earl\Desktop\Microsoft Works Calendar.lnk
[2012/09/15 12:29:50 | 000,015,184 | ---- | M] () -- C:\Documents and Settings\Earl\Application Data\wklnhst.dat
[2012/09/13 09:53:59 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/13 01:39:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/10 11:01:09 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Earl\My Documents\spider.sav
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/03 20:19:55 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/30 19:46:57 | 000,513,501 | ---- | C] () -- C:\Documents and Settings\Earl\Desktop\adwcleaner.exe
[2012/09/30 19:36:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Earl\Desktop\MBR.dat
[2012/09/17 20:06:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/09/17 20:06:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-562591055-1801674531-1004.job
[2012/08/25 09:52:58 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\dt.dat
[2012/07/20 16:03:21 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Earl\elists.db
[2012/05/01 08:53:54 | 000,381,228 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_image32.Cache
[2012/03/16 16:05:58 | 000,207,256 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp
[2012/03/16 15:51:50 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2012/03/16 15:02:25 | 000,206,559 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2012/03/16 15:02:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2012/02/14 18:25:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/07 22:53:22 | 000,123,087 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2012/01/07 22:53:22 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2012/01/07 22:35:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/07/09 20:58:18 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/07/09 20:58:18 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/04/28 22:43:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ANNOUNCE.INI
[2011/03/07 16:21:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\winscp.rnd
[2011/02/19 21:02:07 | 000,200,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-562591055-1801674531-1004-0.dat
[2011/02/19 06:55:56 | 000,200,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/15 13:25:15 | 000,315,038 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\fontlst2.opf
[2010/11/15 13:09:30 | 000,172,128 | R--- | C] () -- C:\WINDOWS\_isusr32.dll
[2010/11/15 13:09:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2010/11/05 17:41:30 | 000,015,184 | ---- | C] () -- C:\Documents and Settings\Earl\Application Data\wklnhst.dat
[2008/08/25 10:48:43 | 000,122,264 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_audio.Cache
[2008/01/30 11:01:47 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/29 21:33:00 | 004,281,776 | ---- | C] () -- C:\Documents and Settings\Earl\Local Settings\Application Data\rx_image.Cache

========== ZeroAccess Check ==========

[2008/01/19 23:41:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/09/30 19:48:25 | 000,000,721 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2012/09/30 23:55:17 | 000,000,780 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2008/01/19 22:49:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/12/10 12:24:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/01/19 22:49:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/13 17:54:32 | 000,000,402 | ---- | M] () -- C:\inferno.log
[2008/01/19 22:49:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/05 16:10:28 | 000,000,928 | -H-- | M] () -- C:\IPH.PH
[2008/01/19 22:49:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2009/01/03 10:31:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/10/03 08:41:43 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2004/08/04 07:00:00 | 000,260,272 | RHS- | M] () -- C:\peldr
[2010/02/21 15:12:24 | 000,010,418 | ---- | M] () -- C:\Rescued document 1.txt
[2012/04/01 00:12:22 | 000,002,652 | ---- | M] () -- C:\Rescued document 2.txt
[2010/02/21 11:37:33 | 000,009,303 | ---- | M] () -- C:\Rescued document.txt
[2008/01/20 00:43:08 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log
[2008/01/20 01:35:02 | 000,000,086 | ---- | M] () -- C:\setup.log
[2012/10/03 08:45:07 | 002,553,574 | ---- | M] () -- C:\sysiclog.txt
[2012/08/23 19:16:53 | 000,000,954 | ---- | M] () -- C:\twacker.log
[2006/06/19 17:08:17 | 000,000,054 | ---- | M] () -- C:\ut.bat
[2006/06/21 23:03:22 | 000,000,056 | ---- | M] () -- C:\ut9x.bat
[2004/08/04 07:00:00 | 000,000,010 | ---- | M] () -- C:\WIN51
[2004/08/04 07:00:00 | 000,000,010 | ---- | M] () -- C:\WIN51IP
[2004/08/04 07:00:00 | 000,000,010 | ---- | M] () -- C:\WIN51IP.SP2
[2009/04/23 15:16:26 | 000,000,002 | ---- | M] () -- C:\wizard.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 01:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2003/07/16 16:44:24 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2011/09/05 13:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DLL >
[2007/06/14 14:42:34 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll
[2006/11/24 16:19:24 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 01:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2012/09/14 12:52:01 | 000,001,602 | ---- | M] () MD5=B4882CF71DE552C4AF0C90C6B21086B8 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2003/07/16 16:44:24 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< %systemroot%\System32\config\*.sav >
[2008/01/19 17:37:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/01/19 17:37:25 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/01/19 17:37:25 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-22 19:47:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 16:36:18 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 16:36:18 | 000,094,208 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


I cannot find the Extras.txt notepad file

Again, thanks for helping with this as I am totally lost.
  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Carver239,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#9
Carver239

    Member

  • Topic Starter
  • Member
  • 13 posts
After the initial scan it says it found 246 threats (all medium risk). When I hit the continue button it just rescans my computer again. I cannot find any log of the scan.
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I cannot find any log of the scan.


Should be at C:\ in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

Have a look and see if you can find it. If not come back and tell me. :)
  • 0



#11
Carver239

    Member

  • Topic Starter
  • Member
  • 13 posts
I still can't find it. I'll keep trying.
  • 0

#12
Carver239

    Member

  • Topic Starter
  • Member
  • 13 posts
I think I found it!

14:55:17.0312 1784 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:55:17.0765 1784 ============================================================
14:55:17.0765 1784 Current date / time: 2012/10/03 14:55:17.0765
14:55:17.0765 1784 SystemInfo:
14:55:17.0765 1784
14:55:17.0765 1784 OS Version: 5.1.2600 ServicePack: 3.0
14:55:17.0765 1784 Product type: Workstation
14:55:17.0765 1784 ComputerName: EARL-UI0F03F9Z3
14:55:17.0765 1784 UserName: Earl
14:55:17.0765 1784 Windows directory: C:\WINDOWS
14:55:17.0765 1784 System windows directory: C:\WINDOWS
14:55:17.0765 1784 Processor architecture: Intel x86
14:55:17.0765 1784 Number of processors: 2
14:55:17.0765 1784 Page size: 0x1000
14:55:17.0765 1784 Boot type: Normal boot
14:55:17.0765 1784 ============================================================
14:55:20.0843 1784 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:55:20.0875 1784 ============================================================
14:55:20.0875 1784 \Device\Harddisk0\DR0:
14:55:20.0875 1784 MBR partitions:
14:55:20.0875 1784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
14:55:20.0875 1784 ============================================================
14:55:20.0921 1784 C: <-> \Device\Harddisk0\DR0\Partition1
14:55:20.0937 1784 ============================================================
14:55:20.0937 1784 Initialize success
14:55:20.0937 1784 ============================================================
14:57:42.0703 3488 Deinitialize success
  • 0

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Carver239,

Hmm... that looks as if it didn't finish. From the aswMBR log it looked like you had an MBR infection but I was reluctant to go ahead and fix that without confirmation (it's a risky move unless you are certain) from VirusTotal. We did get that although not conclusively. TDSSKiller might have done the job for us but it looks like the infection might have stopped it.

Before we move on let's run aswMBR again and see if TDSSKiller did manage any change.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#14
Carver239

    Member

  • Topic Starter
  • Member
  • 13 posts
Here it is.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-30 16:16:55
-----------------------------
16:16:55.609 OS Version: Windows 5.1.2600 Service Pack 3
16:16:55.609 Number of processors: 2 586 0xE08
16:16:55.625 ComputerName: EARL-UI0F03F9Z3 UserName: Earl
16:16:57.515 Initialize success
16:20:28.187 AVAST engine defs: 12093001
16:21:14.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:21:14.734 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 0084002A Size: 114473MB BusType: 3
16:21:14.875 Disk 0 MBR read successfully
16:21:14.875 Disk 0 MBR scan
16:21:15.250 Disk 0 unknown MBR code
16:21:15.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
16:21:15.468 Disk 0 scanning sectors +234420480
16:21:15.968 Disk 0 scanning C:\WINDOWS\system32\drivers
16:22:12.546 Service scanning
16:22:49.453 Modules scanning
16:22:56.265 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
16:23:01.906 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
16:23:01.906 Disk 0 trace - called modules:
16:23:01.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:23:01.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871c9ab8]
16:23:01.968 3 CLASSPNP.SYS[f751cfd7] -> nt!IofCallDriver -> \Device\00000084[0x87143030]
16:23:01.984 5 ACPI.sys[f7393620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8717a940]
16:23:04.515 AVAST engine scan C:\WINDOWS
16:23:25.187 AVAST engine scan C:\WINDOWS\system32
16:28:22.031 AVAST engine scan C:\WINDOWS\system32\drivers
16:28:45.218 AVAST engine scan C:\Documents and Settings\Earl
16:47:59.375 File: C:\Documents and Settings\Earl\Local Settings\Temp\nsw122.tmp.tbWise.dll **HIDDEN**
16:48:05.078 File: C:\Documents and Settings\Earl\Local Settings\Temp\SkypeSetup.exe **HIDDEN**
16:48:05.734 File: C:\Documents and Settings\Earl\Local Settings\Temp\stubhelper.dll **HIDDEN**
16:48:06.484 File: C:\Documents and Settings\Earl\Local Settings\Temp\tbedrs.dll **HIDDEN**
16:48:08.750 File: C:\Documents and Settings\Earl\Local Settings\Temp\ToolbarInstaller.exe **HIDDEN**
16:48:16.953 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashBase.dll **HIDDEN**
16:48:17.453 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSSqlt.dll **HIDDEN**
16:48:17.859 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSXML.dll **HIDDEN**
16:48:18.187 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashTask.dll **HIDDEN**
16:48:18.734 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswAux.dll **HIDDEN**
16:48:19.093 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnB.dll **HIDDEN**
16:48:19.500 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnOS.dll **HIDDEN**
16:48:19.812 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnS.dll **HIDDEN**
16:48:20.468 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswEngin.dll **HIDDEN**
16:48:20.968 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswRes.dll **HIDDEN**
16:48:21.234 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswScan.dll **HIDDEN**
16:48:22.421 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\aswar0.dll **HIDDEN**
16:48:23.421 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\clnr0.dll **HIDDEN**
16:48:24.093 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\exts0.dll **HIDDEN**
16:48:25.203 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\uiaux0.dll **HIDDEN**
16:48:25.812 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\updldr0.bin **HIDDEN**
16:48:26.531 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\english\Base.dll **HIDDEN**
16:48:26.953 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcp71.dll **HIDDEN**
16:48:27.453 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcr71.dll **HIDDEN**
16:48:29.546 File: C:\Documents and Settings\Earl\Local Settings\Temp\_uninstall\_uninstall5564 **HIDDEN**
16:48:31.203 File: C:\Documents and Settings\Earl\Local Settings\Temp\{CD4F1242-7EB5-490C-8861-348FDC1F8B67}\{673E2CB8-8306-4F99-9DF9-6492C2F57072}\difxapi.dll **HIDDEN**
16:48:33.812 File: C:\Documents and Settings\Earl\Local Settings\Temp\~rnsetup\GEMSETUP\pnrs3260.dll **HIDDEN**
16:48:45.640 AVAST engine scan C:\Documents and Settings\All Users
16:56:46.843 Scan finished successfully
19:36:16.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Earl\Desktop\MBR.dat"
19:36:16.187 The log file has been saved successfully to "C:\Documents and Settings\Earl\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 09:10:12
-----------------------------
09:10:12.875 OS Version: Windows 5.1.2600 Service Pack 3
09:10:12.875 Number of processors: 2 586 0xE08
09:10:12.875 ComputerName: EARL-UI0F03F9Z3 UserName: Earl
09:10:16.718 Initialize success
09:14:34.890 AVAST engine defs: 12100302
09:23:17.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:23:17.359 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 0084002A Size: 114473MB BusType: 3
09:23:17.390 Disk 0 MBR read successfully
09:23:17.390 Disk 0 MBR scan
09:23:17.437 Disk 0 unknown MBR code
09:23:17.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
09:23:17.453 Disk 0 scanning sectors +234420480
09:23:17.546 Disk 0 scanning C:\WINDOWS\system32\drivers
09:23:51.265 Service scanning
09:24:28.890 Modules scanning
09:24:37.078 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
09:24:39.921 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
09:24:39.921 Disk 0 trace - called modules:
09:24:40.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:24:40.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87159ab8]
09:24:40.031 3 CLASSPNP.SYS[f751cfd7] -> nt!IofCallDriver -> \Device\00000084[0x871a2650]
09:24:40.031 5 ACPI.sys[f7393620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8717a940]
09:24:41.593 AVAST engine scan C:\WINDOWS
09:25:05.062 AVAST engine scan C:\WINDOWS\system32
09:30:21.000 AVAST engine scan C:\WINDOWS\system32\drivers
09:30:46.375 AVAST engine scan C:\Documents and Settings\Earl
09:49:30.609 File: C:\Documents and Settings\Earl\Local Settings\Temp\nsw122.tmp.tbWise.dll **HIDDEN**
09:49:36.062 File: C:\Documents and Settings\Earl\Local Settings\Temp\SkypeSetup.exe **HIDDEN**
09:49:36.687 File: C:\Documents and Settings\Earl\Local Settings\Temp\stubhelper.dll **HIDDEN**
09:49:37.500 File: C:\Documents and Settings\Earl\Local Settings\Temp\tbedrs.dll **HIDDEN**
09:49:39.921 File: C:\Documents and Settings\Earl\Local Settings\Temp\ToolbarInstaller.exe **HIDDEN**
09:49:47.640 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashBase.dll **HIDDEN**
09:49:48.000 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSSqlt.dll **HIDDEN**
09:49:48.328 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashSXML.dll **HIDDEN**
09:49:48.656 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\ashTask.dll **HIDDEN**
09:49:49.390 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswAux.dll **HIDDEN**
09:49:50.046 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnB.dll **HIDDEN**
09:49:50.343 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnOS.dll **HIDDEN**
09:49:50.625 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswCmnS.dll **HIDDEN**
09:49:51.062 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswEngin.dll **HIDDEN**
09:49:51.593 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswRes.dll **HIDDEN**
09:49:52.046 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\aswScan.dll **HIDDEN**
09:49:53.062 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\aswar0.dll **HIDDEN**
09:49:53.953 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\clnr0.dll **HIDDEN**
09:49:54.515 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\exts0.dll **HIDDEN**
09:49:55.765 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\uiaux0.dll **HIDDEN**
09:49:56.203 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\data\updldr0.bin **HIDDEN**
09:49:56.703 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\english\Base.dll **HIDDEN**
09:49:57.078 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcp71.dll **HIDDEN**
09:49:57.437 File: C:\Documents and Settings\Earl\Local Settings\Temp\_av4_\msvcr71.dll **HIDDEN**
09:49:59.453 File: C:\Documents and Settings\Earl\Local Settings\Temp\_uninstall\_uninstall5564 **HIDDEN**
09:50:01.187 File: C:\Documents and Settings\Earl\Local Settings\Temp\{CD4F1242-7EB5-490C-8861-348FDC1F8B67}\{673E2CB8-8306-4F99-9DF9-6492C2F57072}\difxapi.dll **HIDDEN**
09:50:04.390 File: C:\Documents and Settings\Earl\Local Settings\Temp\~rnsetup\GEMSETUP\pnrs3260.dll **HIDDEN**
09:50:15.750 AVAST engine scan C:\Documents and Settings\All Users
09:58:39.140 Scan finished successfully
09:59:39.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Earl\Desktop\MBR.dat"
09:59:39.937 The log file has been saved successfully to "C:\Documents and Settings\Earl\Desktop\aswMBR.txt"
  • 0
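
Post #13 asks for a second aswMBR run to see whether TDSSKiller changed anything. The added example below (not part of the thread and not an AVAST tool) strips the per-run timestamps from a pasted log that holds both runs and diffs the MBR verdict, the SUSPICIOUS modules and the HIDDEN files. The function names are assumptions of this example, and the sample is abridged from the logs in post #14.

```python
import re

# Per-line "HH:MM:SS.mmm " stamp; it differs on every run.
STAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# Lines worth diffing: MBR verdict, flagged modules, flagged files.
FINDING = re.compile(r"^(Disk \d+ .*MBR code.*"
                     r"|Module: .+\*\*SUSPICIOUS\*\*"
                     r"|File: .+\*\*HIDDEN\*\*)$")

def split_runs(text):
    """Return {run_date: [stamp-free lines]} for each run in a pasted log."""
    runs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Run date:"):
            current = line.split(":", 1)[1].strip()
            runs[current] = []
        elif current is not None and line:
            runs[current].append(STAMP.sub("", line))
    return runs

def compare(text):
    """Diff the findings of the earliest and latest run."""
    runs = split_runs(text)
    if len(runs) < 2:
        raise ValueError("need at least two runs to compare")
    first, last = min(runs), max(runs)  # ISO-style dates sort as text
    before = {l for l in runs[first] if FINDING.match(l)}
    after = {l for l in runs[last] if FINDING.match(l)}
    return {"runs": (first, last),
            "cleared": sorted(before - after),
            "new": sorted(after - before),
            "persisting": sorted(before & after)}

# Abridged from the two runs pasted in post #14 (most HIDDEN lines left out).
SAMPLE = r"""
Run date: 2012-09-30 16:16:55
16:21:14.875 Disk 0 MBR read successfully
16:21:15.250 Disk 0 unknown MBR code
16:22:56.265 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
16:23:01.906 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
16:48:08.750 File: C:\Documents and Settings\Earl\Local Settings\Temp\ToolbarInstaller.exe **HIDDEN**
Run date: 2012-10-04 09:10:12
09:23:17.390 Disk 0 MBR read successfully
09:23:17.437 Disk 0 unknown MBR code
09:24:37.078 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
09:24:39.921 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
09:49:39.921 File: C:\Documents and Settings\Earl\Local Settings\Temp\ToolbarInstaller.exe **HIDDEN**
"""

if __name__ == "__main__":
    for key, value in compare(SAMPLE).items():
        print(key, value)
```

On the abridged sample every finding lands under "persisting" and both "cleared" and "new" are empty.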

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hi Carver239,

Please run RogueKiller and post back the log.

See post #6 above for the instructions.
  • 0





