Zero Access + AVG Miniport Drivers [Solved]

#1
elguapo
Boots up, wireless adaptor connects but can't acquire an address, times out and disconnects. A check of device drivers showed all but two network adaptors disabled. Cannot uninstall the drivers or delete the hardware for redetection. All wireless adaptors removed and LAN is not connected. My son spotted "Zero Access" somewhere during the detection process but I didn't catch it quickly enough. User apparently did something which deleted a working copy of AVG.

OTL logfile created on: 10/4/2012 10:08:40 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = F:\moore
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 625.35 Mb Available Physical Memory | 61.13% Memory free
2.41 Gb Paging File | 2.15 Gb Available in Paging File | 89.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 38.37 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive E: | 80.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.45 Gb Total Space | 4.48 Gb Free Space | 60.10% Space Free | Partition Type: FAT32

Computer Name: AUSTIN-0FXNWUA1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 21:47:02 | 000,601,088 | ---- | M] (OldTimer Tools) -- F:\moore\OTL.exe
PRC - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2003/04/09 19:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/01 17:56:12 | 000,080,384 | ---- | M] () -- c:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Adobe\sp.DLL
MOD - [2011/11/25 20:34:49 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/01 18:56:27 | 000,143,360 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2011/04/01 18:56:27 | 000,114,688 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2011/04/01 18:56:27 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/07/01 17:56:12 | 000,080,384 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Adobe\sp.DLL -- (SPService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\ampse.sys -- (AMPSE)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\amp.sys -- (AMP)
DRV - [2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/11/03 03:28:42 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/10/03 21:04:10 | 000,046,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{A76A3403-E3D9-40BE-A0F3-662FF280109D}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...1I7ADFA_enUS454
IE - HKCU\..\SearchScopes\{B3233372-C5DB-4CD2-BC45-AFCCB417DED3}: "URL" = http://websearch.ask...1-FB9A02497943
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\RobloxVersions\version-5ce51d8367464075\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/25 16:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/11/25 20:15:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/31 15:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 16:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\

[2011/06/04 21:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Mozilla\Extensions
[2012/08/25 22:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://search.condui...SearchSource=48
CHR - Extension: Entanglement = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Play Pickle = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: Poppit = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HijackThis.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.utili...86&n=2012012820 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256497082843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A5F712B-D5C6-4E3E-8476-A92A552E3BEA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25691C1E-AD7B-4BDB-A861-B53DE4D192AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4AA895-A6C8-4DA2-B055-7C967DE16888}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC934CAC-972E-4648-BF51-66BA8FA0D33B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C878DB5A-2532-4A90-89E7-83A74E7EB2D6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 23:52:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/05 22:09:06 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/11/22 03:31:04 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{81b1ea40-ebba-11e0-b4f6-000cf1a4bca2}\Shell - "" = AutoRun
O33 - MountPoints2\{81b1ea40-ebba-11e0-b4f6-000cf1a4bca2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81b1ea40-ebba-11e0-b4f6-000cf1a4bca2}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 15:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Fusion
[2012/10/03 15:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Fusion
[2012/10/03 11:13:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:33:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Recent
[2012/10/03 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2012/10/03 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2012/10/03 10:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Sweeper
[2012/10/02 21:36:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Chica Passwords
[2012/10/02 21:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
[2012/10/02 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2012/10/02 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
[2012/10/02 20:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/02 20:55:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/02 20:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/02 20:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\MFAData
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
[2012/09/24 13:56:52 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/09/24 13:56:52 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2012/09/24 13:56:52 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/09/24 13:56:51 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/09/24 13:56:51 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/09/24 13:56:31 | 001,217,344 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/09/24 13:56:31 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/09/24 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2012/09/24 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/09/24 13:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\InstallShield
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/09/09 04:30:02 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvc7fde.rra
[2012/09/09 04:30:02 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvc80a9.rra
[2012/09/09 04:30:01 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC77f52.rra
[2012/07/30 04:12:24 | 000,479,232 | ---- | C] (Andrew Zhezherun) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\dletb.dll

========== Files - Modified Within 30 Days ==========

[2012/10/04 21:44:26 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
[2012/10/04 21:40:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/04 21:40:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/04 16:32:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2012/10/04 16:22:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/10/04 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/10/04 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/10/03 15:58:55 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Fusion.lnk
[2012/10/03 15:58:55 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Fusion.lnk
[2012/10/03 15:58:05 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Sweeper.lnk
[2012/10/03 15:58:05 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Sweeper.lnk
[2012/10/03 14:31:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:57:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:30:27 | 000,245,840 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/03 10:20:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/10/02 21:08:35 | 000,528,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/02 21:08:35 | 000,105,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/02 20:57:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/10/02 20:57:03 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/02 20:40:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/10/02 20:40:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/10/02 19:27:50 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\dll2.bmp
[2012/10/02 19:26:35 | 001,015,862 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\dll file.bmp
[2012/10/02 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/30 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/09/30 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/09/30 09:21:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20120405092116.job
[2012/09/25 12:14:07 | 000,015,181 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2012/10/03 15:58:55 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Fusion.lnk
[2012/10/03 15:58:55 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Fusion.lnk
[2012/10/03 15:58:05 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Sweeper.lnk
[2012/10/03 15:58:05 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Driver Sweeper.lnk
[2012/10/03 14:31:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:30:18 | 000,245,840 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 20:57:29 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/10/02 19:27:41 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\dll2.bmp
[2012/10/02 19:26:35 | 001,015,862 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\dll file.bmp
[2012/09/25 12:14:06 | 000,015,181 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt
[2012/09/24 13:56:52 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/09/24 13:56:52 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/09/24 13:56:51 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/09/24 13:56:51 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2012/09/24 13:56:30 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/08/18 22:31:28 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\dt.dat
[2012/08/16 22:38:54 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mlog
[2012/08/12 14:39:19 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\nackpz.dat
[2012/07/30 04:12:43 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\5fg0tn7.bat
[2012/07/30 04:12:37 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\lj1y6nb.dat
[2012/07/30 04:12:37 | 000,086,080 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\aftr4sb.dat
[2012/07/30 04:12:36 | 000,060,992 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\serjs58n.dat
[2012/07/19 20:41:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2012/07/14 17:46:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 12:34:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/13 23:01:48 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/25 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\prvlcl.dat
[2011/04/24 20:35:37 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\.swfinfo
[2011/04/01 19:08:05 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/04/01 18:58:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/04/01 18:56:27 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/02/07 14:16:14 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/07 14:16:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/10 14:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/27 20:31:34 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/17 15:52:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll

========== ZeroAccess Check ==========

[2010/12/09 10:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\{d9e16dcd-26d0-830e-f248-a14cd0cd9402}\@
[2010/12/09 10:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\{d9e16dcd-26d0-830e-f248-a14cd0cd9402}\L
[2010/12/09 10:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\{d9e16dcd-26d0-830e-f248-a14cd0cd9402}\U
[2009/10/25 15:49:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012/10/02 20:48:39 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2009/09/25 00:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB56037$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4

< End of report >
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, a definite Zero Access infection.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
    O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
    O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
    [2004/08/17 15:52:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll
    [2012/07/30 04:12:43 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\5fg0tn7.bat
    [2012/07/30 04:12:37 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\lj1y6nb.dat
    [2012/07/30 04:12:37 | 000,086,080 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\aftr4sb.dat
    [2012/07/30 04:12:36 | 000,060,992 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\serjs58n.dat
    [2012/07/30 04:12:24 | 000,479,232 | ---- | C] (Andrew Zhezherun) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\dletb.dll
    
    :Files
    C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\{d9e16dcd-26d0-830e-f248-a14cd0cd9402}
    C:\WINDOWS\assembly\GAC\Desktop.ini
    C:\WINDOWS\tasks\At*.job
    C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
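The bracketed lines at the top of the :Files section above are OTL's file-entry format: timestamp, size, attribute flags, C (created) or M (modified), the company name from the file's version resource in parentheses, and the path. The PRC/SRV/DRV lines of an OTL log carry the same block after a three-letter prefix, with a state block and a trailing service name on driver lines. What follows is an added example, not part of this thread and not OTL's own code, that parses that format and picks out the entries a helper would look at first. The triage rule (no company name, and either a per-user Application Data or Temp location or the hidden flag) is this example's own heuristic, and the sample lines are copied from the log format shown on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file-entry format, as pasted in the :Files section above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# PRC/SRV/DRV log lines put the same block after a "XXX - " prefix; DRV and
# SRV lines add a "[Kernel | Auto | Running]" state block and a trailing
# "-- (ServiceName)". "File not found" service lines have no bracket block
# and are deliberately not matched here.
_ENTRY = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?\s*$"
)

# Per-user locations that malware droppers favour (heuristic of this example).
_USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\"
    r"(application data|local settings\\(temp|application data))\\",
    re.IGNORECASE,
)


@dataclass
class OtlEntry:
    kind: str             # "PRC", "SRV", "DRV", or "" for a bare file line
    date: str
    size: int
    attrs: str            # R/H/S/D flags, '-' where unset
    stamp: str            # C = created, M = modified
    company: str          # "" when OTL found no company name
    state: Optional[str]  # "[Kernel | On_Demand | Stopped]" body, drivers only
    path: str
    name: Optional[str]   # service/driver name, when present


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a line in the entry format, else None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        kind=m.group("kind") or "",
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        stamp=m.group("stamp"),
        company=m.group("company").strip(),
        state=m.group("state"),
        path=m.group("path"),
        name=m.group("name"),
    )


def is_suspicious(e: OtlEntry) -> bool:
    """No company name plus a per-user Application Data/Temp path, or the
    hidden attribute, is enough to earn a second look (example heuristic)."""
    if e.company:
        return False
    return "H" in e.attrs or _USER_WRITABLE.search(e.path) is not None


def triage(log_text: str) -> List[OtlEntry]:
    """Parse every line in the entry format and keep the suspicious ones."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and is_suspicious(e)]


# Constructed sample: the six entries from the fix above plus one PRC and one
# DRV line in the same format, so the optional fields get exercised.
SAMPLE_LOG = r"""
[2004/08/17 15:52:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll
[2012/07/30 04:12:43 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\5fg0tn7.bat
[2012/07/30 04:12:37 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\lj1y6nb.dat
[2012/07/30 04:12:37 | 000,086,080 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\aftr4sb.dat
[2012/07/30 04:12:36 | 000,060,992 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\serjs58n.dat
[2012/07/30 04:12:24 | 000,479,232 | ---- | C] (Andrew Zhezherun) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\dletb.dll
PRC - [2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
DRV - [2010/11/03 03:28:42 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.date}  {e.size:>8}  {e.attrs}  {e.path}")
```

Running it against the sample lists the five no-company files under Application Data (the .bat is also hidden) and leaves the signed-looking dletb.dll, OTL.exe and the Avanquest driver alone. Paste a whole OTL.Txt into `triage` to get the same short list from a full log.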

#3 elguapo (Member, Topic Starter)
After the second reboot I connected a wireless adaptor with a good result. It acquires an address and now the browser works. For some reason the miniport driver, motherboard LAN port and old device drivers for the no-longer-used Netgear are all still disabled. Everything else seems to be working normally.

Thank you very much for your help! I appreciate your time and effort.




ComboFix 12-10-04.02 - Administrator 10/05/2012 18:31:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.767 [GMT -5:00]
Running from: c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: System Shield *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Adobe\sp.DLL
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\PriceGong\Data\z.xml
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Tvm.log
c:\program files\bravesentry
c:\program files\bravesentry\BraveSentry.exe
c:\program files\bravesentry\BraveSentry.lic
c:\program files\bravesentry\BraveSentry0.bs
c:\program files\bravesentry\BraveSentry1.bs
c:\program files\newdotnet
c:\program files\newdotnet\readme.html
c:\program files\Ofb11
c:\program files\Ofb11\sites.ini
c:\program files\pasystem
c:\program files\pasystem\support.dat
c:\program files\pasystem\Uninstall.exe
c:\temp\tn3
c:\windows\$NtUninstallKB56037$
c:\windows\$NtUninstallKB56037$\2366636229
c:\windows\$NtUninstallKB56037$\349883967\@
c:\windows\$NtUninstallKB56037$\349883967\Desktop.ini
c:\windows\$NtUninstallKB56037$\349883967\L\00000004.@
c:\windows\$NtUninstallKB56037$\349883967\L\1afb2d56
c:\windows\$NtUninstallKB56037$\349883967\L\201d3dde
c:\windows\$NtUninstallKB56037$\349883967\L\akygdmgo
c:\windows\$NtUninstallKB56037$\349883967\U\00000004.@
c:\windows\$NtUninstallKB56037$\349883967\U\00000008.@
c:\windows\$NtUninstallKB56037$\349883967\U\000000cb.@
c:\windows\$NtUninstallKB56037$\349883967\U\80000000.@
c:\windows\$NtUninstallKB56037$\349883967\U\80000032.@
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 23:29 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-10-05 23:29 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\program files\Driver Fusion
2012-10-03 15:34 . 2012-10-03 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-03 15:25 . 2012-10-03 20:58 -------- d-----w- c:\program files\Driver Sweeper
2012-10-03 02:00 . 2012-10-03 02:00 -------- d-----w- c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
2012-10-03 01:57 . 2012-10-03 01:57 -------- d-----w- c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
2012-10-03 01:55 . 2012-10-03 01:55 -------- d-----w- C:\$AVG
2012-10-03 01:53 . 2012-10-03 01:53 -------- d-----w- c:\program files\AVG
2012-10-03 01:38 . 2012-10-03 02:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG2013
2012-10-03 00:54 . 2012-10-03 02:02 -------- d-----w- c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
2012-10-03 00:54 . 2012-10-03 00:54 -------- d-----w- c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\MFAData
2012-09-24 18:56 . 2011-11-22 21:31 2168160 ----a-w- c:\windows\system32\Scutum.dll
2012-09-24 18:56 . 2011-11-22 21:31 185696 ----a-w- c:\windows\system32\W32N55.dll
2012-09-24 18:56 . 2011-11-22 21:31 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2012-09-24 18:56 . 2011-11-22 21:31 144736 ----a-w- c:\windows\system32\RalinkGina.dll
2012-09-24 18:56 . 2011-11-22 21:31 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2012-09-24 18:56 . 2011-11-22 21:31 34080 ----a-w- c:\windows\system32\CTAAEI.dll
2012-09-24 18:56 . 2011-11-22 21:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2012-09-24 18:56 . 2011-12-19 16:53 1217344 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-09-24 18:56 . 2011-12-19 16:51 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2012-09-24 18:55 . 2012-09-24 18:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Belkin Driver
2012-09-24 18:55 . 2012-09-24 18:55 -------- d-----w- c:\program files\Belkin
2012-09-24 18:55 . 2012-09-24 18:55 -------- d-----w- c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\InstallShield
2012-09-09 09:30 . 2010-02-03 16:20 499712 ----a-w- c:\windows\system32\msvc7fde.rra
2012-09-09 09:30 . 2010-02-03 16:20 348160 ----a-w- c:\windows\system32\msvc80a9.rra
2012-09-09 09:30 . 2010-02-03 16:20 1060864 ----a-w- c:\windows\system32\MFC77f52.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 01:57 . 2012-08-19 03:22 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-09 18:56 . 2012-08-09 18:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-14 22:33 . 2012-07-14 22:33 56320 ---ha-w- c:\windows\system32\clipvert.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2011-04-01 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"HijackThis startup scan"="c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HijackThis.exe" [2012-10-03 388608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-4-1 450560]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2977:UDP"= 2977:UDP:Windows Media Format SDK (wmplayer.exe)
"2976:UDP"= 2976:UDP:Windows Media Format SDK (wmplayer.exe)
.
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S2 AMP;Active Malware Protection Minifilter Driver;\??\c:\windows\system32\Drivers\amp.sys --> c:\windows\system32\Drivers\amp.sys [?]
S2 AMPSE;Active Malware Protection Support Driver;\??\c:\windows\system32\Drivers\ampse.sys --> c:\windows\system32\Drivers\ampse.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 ioloSystemService;iolo System Service;"c:\program files\iolo\Common\Lib\ioloServiceManager.exe" --> c:\program files\iolo\Common\Lib\ioloServiceManager.exe [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys --> c:\windows\system32\DRIVERS\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 vseamps;vseamps;"c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [?]
S4 vsedsps;vsedsps;"c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [?]
S4 vseqrts;vseqrts;"c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [?]
S4 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe --> c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-11-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4316464607.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
2012-10-05 c:\windows\Tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2012-10-05 c:\windows\Tasks\WebReg 20120405092116.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-10 00:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKLM-Run-iolo Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe
SafeBoot-AMP
SafeBoot-AMPSE
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\20.0.1132.47\Installer\setup.exe
AddRemove-{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1 - c:\program files\iolo\System Mechanic Professional\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-115176313-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,f9,e3,df,34,81,1b,41,a6,cd,0b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,7f,39,05,f3,8c,b1,41,af,88,77,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,1b,0d,75,bb,f2,3d,4c,b1,bf,91,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\docume~1\ADMINI~1.AUS\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2012-10-05 18:56:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 23:56
.
Pre-Run: 41,044,635,648 bytes free
Post-Run: 41,655,558,144 bytes free
.
- - End Of File - - 83035308C3C0726BCC7869A959FC551E
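The Other Deletions section of the ComboFix log above shows the layout a helper looks for with this infection: a folder under c:\windows named like a hotfix backup ($NtUninstallKB56037$) that holds a numeric subfolder with an '@' file and 'U' and 'L' subfolders, rather than the spuninst\ subfolder and backed-up files a real hotfix-uninstall folder contains; and the Desktop.ini under assembly\GAC that the OTL fix earlier in the thread removes. The following is an added example, not from this thread and not ComboFix's or OTL's code, that checks a Windows folder for that layout. It builds a constructed stand-in tree in a temporary directory so it runs offline; the assumptions are that a genuine $NtUninstallKB…$ folder has a spuninst\ subfolder and that a clean GAC folder has no Desktop.ini.

```python
import tempfile
from pathlib import Path
from typing import List


def looks_like_zeroaccess_store(hotfix_dir: Path) -> bool:
    """Heuristic of this example, not a ComboFix rule: flag a hotfix-backup
    folder whose content is a numeric subfolder holding an '@' file and/or
    'U' and 'L' subfolders, the shape ComboFix deleted in the log above."""
    try:
        for sub in hotfix_dir.iterdir():
            if sub.is_dir() and sub.name.isdigit():
                names = {p.name for p in sub.iterdir()}
                if "@" in names or ("U" in names and "L" in names):
                    return True
    except PermissionError:
        pass  # unreadable on a live box: report nothing rather than guess
    return False


def find_fake_hotfix_dirs(windows: Path) -> List[Path]:
    """Every $NtUninstall…$ folder directly under %windir% that matches."""
    hits = []
    for d in windows.iterdir():
        if (d.is_dir() and d.name.startswith("$NtUninstall")
                and d.name.endswith("$") and looks_like_zeroaccess_store(d)):
            hits.append(d)
    return sorted(hits)


def gac_desktop_ini_present(windows: Path) -> bool:
    # The OTL fix above deletes this file; a clean GAC folder has no
    # Desktop.ini (assumption of this example).
    return (windows / "assembly" / "GAC" / "Desktop.ini").is_file()


def build_sample_tree(root: Path) -> Path:
    """Constructed stand-in for %windir%, mirroring paths from the log above.
    File contents are placeholders, not real binaries."""
    win = root / "WINDOWS"
    # A genuine-looking hotfix backup: spuninst\ plus a replaced file.
    legit = win / "$NtUninstallKB951748$"
    (legit / "spuninst").mkdir(parents=True)
    (legit / "spuninst" / "spuninst.exe").write_bytes(b"MZ")
    (legit / "tcpip.sys").write_bytes(b"MZ")
    # The layout ComboFix removed: numeric subfolder, '@', U\ and L\.
    fake = win / "$NtUninstallKB56037$" / "349883967"
    for sub in ("L", "U"):
        (fake / sub).mkdir(parents=True)
    (fake / "@").write_bytes(b"\x00" * 16)
    (fake / "Desktop.ini").write_text("[.ShellClassInfo]\n")
    (fake / "U" / "80000032.@").write_bytes(b"MZ")
    (fake / "L" / "00000004.@").write_bytes(b"\x00")
    (win / "assembly" / "GAC").mkdir(parents=True)
    (win / "assembly" / "GAC" / "Desktop.ini").write_text("[.ShellClassInfo]\n")
    return win


def scan_sample() -> dict:
    """Build the sample tree, scan it, and return what was found."""
    with tempfile.TemporaryDirectory() as tmp:
        win = build_sample_tree(Path(tmp))
        return {
            "fake_hotfix_dirs": [d.name for d in find_fake_hotfix_dirs(win)],
            "gac_desktop_ini": gac_desktop_ini_present(win),
        }


if __name__ == "__main__":
    print(scan_sample())
    # On a real machine (run as Administrator):
    # print(find_fake_hotfix_dirs(Path(r"C:\WINDOWS")))
```

Only the KB56037 folder is reported; the KB951748 one, with its spuninst\ subfolder, is left alone. One caveat that the catchme section of the same log hints at: while the kernel component of a rootkit is active it can hide a folder from a user-mode walk like this, so a clean result from a live scan is weaker evidence than the same scan run from a boot CD or against a mounted disk.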

#4 elguapo (Member, Topic Starter)
Update - For some reason it looks like it is stuck in Active Desktop. When I try to launch/preview a screen capture I just saved, it quickly opens, then immediately closes.

#5 Essexboy (GeekU Moderator, Retired Staff)
Please delete your current copy of OTL from the desktop and download a new version, then run it as below. There will only be one log this time.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

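The /md5start … /md5stop block in the custom scan above makes OTL print the MD5 of services.exe, explorer.exe, winlogon.exe, userinit.exe, svchost.exe and qmgr.dll, the system files this kind of infection patches in place; the Sigcheck section of the ComboFix log did the same job for tcpip.sys by listing the live driver beside the copies in dllcache, ServicePackFiles and $hf_mig$. What follows is an added example, not OTL's or ComboFix's code, that performs that comparison: hash the live file and every backup copy Windows keeps, and report a mismatch when the live hash matches none of them. The constructed temporary tree stands in for %windir%; the reference locations used, and explorer.exe living in %windir% rather than system32, are assumptions of the example. Treat a mismatch as a lead rather than a verdict: the ComboFix Sigcheck lines above show the $hf_mig$ QFE copies and the dllcache copy carrying the same version string with different hashes.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterator

# The files the /md5start block above asks OTL to hash.
WATCHED = ("services.exe", "explorer.exe", "winlogon.exe",
           "userinit.exe", "svchost.exe", "qmgr.dll")


def md5_of(path: Path) -> str:
    """MD5 of a file, upper-case hex like ComboFix's Sigcheck output."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def live_path(windows: Path, name: str) -> Path:
    # explorer.exe sits in %windir% itself; the others are in system32
    # (assumption of this example for the sample tree).
    return windows / name if name == "explorer.exe" else windows / "system32" / name


def reference_copies(windows: Path, name: str) -> Iterator[Path]:
    """The backup locations ComboFix's Sigcheck section compared against."""
    yield windows / "system32" / "dllcache" / name
    yield windows / "ServicePackFiles" / "i386" / name
    yield from (windows / "$hf_mig$").glob("*/SP3QFE/" + name)


def check_file(windows: Path, name: str) -> dict:
    """Compare the live file's MD5 with every reference copy that exists."""
    live = live_path(windows, name)
    if not live.is_file():
        return {"status": "missing", "live": None, "refs": []}
    live_md5 = md5_of(live)
    ref_md5s = sorted({md5_of(p) for p in reference_copies(windows, name) if p.is_file()})
    if not ref_md5s:
        status = "no-reference"       # nothing to compare against
    elif live_md5 in ref_md5s:
        status = "match"
    else:
        status = "MISMATCH"           # a lead, not proof: see the caveat above
    return {"status": status, "live": live_md5, "refs": ref_md5s}


def build_sample(root: Path) -> Path:
    """Constructed stand-in for %windir%; contents are placeholder bytes."""
    win = root / "WINDOWS"
    (win / "system32" / "dllcache").mkdir(parents=True)
    (win / "ServicePackFiles" / "i386").mkdir(parents=True)
    clean = b"MZ" + b"\x90" * 64
    for name in ("services.exe", "winlogon.exe", "userinit.exe"):
        (win / "system32" / name).write_bytes(clean)
        (win / "system32" / "dllcache" / name).write_bytes(clean)
    (win / "explorer.exe").write_bytes(clean)
    (win / "ServicePackFiles" / "i386" / "explorer.exe").write_bytes(clean)
    # svchost.exe: the live copy has been altered, the cached copy has not.
    (win / "system32" / "svchost.exe").write_bytes(clean[:-8] + b"\xcc" * 8)
    (win / "system32" / "dllcache" / "svchost.exe").write_bytes(clean)
    # qmgr.dll: present, but no cached copy to compare against.
    (win / "system32" / "qmgr.dll").write_bytes(clean)
    return win


def audit_sample() -> Dict[str, str]:
    """Build the sample tree and return each watched file's status."""
    with tempfile.TemporaryDirectory() as tmp:
        win = build_sample(Path(tmp))
        return {name: check_file(win, name)["status"] for name in WATCHED}


if __name__ == "__main__":
    for name, status in audit_sample().items():
        print(f"{status:<13} {name}")
    # On a real XP machine, run as Administrator:
    # print(check_file(Path(r"C:\WINDOWS"), "svchost.exe"))
```

In the sample, svchost.exe comes back as MISMATCH, qmgr.dll as no-reference (nothing in dllcache to compare with), and the rest as match. On a real machine the `refs` list lets you see whether the live hash agrees with at least one of the GDR/QFE copies before anyone decides a file has been patched.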

#6 elguapo (Member, Topic Starter)
Downloaded and ran it from the desktop. On completion, only one log opened (OTL) and was saved to the desktop. The "Extras" log is not visible on the desktop.

OTL logfile created on: 10/6/2012 11:15:17 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 647.45 Mb Available Physical Memory | 63.29% Memory free
2.41 Gb Paging File | 2.08 Gb Available in Paging File | 86.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.46 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive E: | 80.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUSTIN-0FXNWUA1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
PRC - [2012/10/05 21:17:53 | 000,103,989 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\temp\~nsu.tmp\Au_.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1.AUS\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1.AUS\LOCALS~1\Temp\kwryykoc.sys -- (kwryykoc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\ampse.sys -- (AMPSE)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\amp.sys -- (AMP)
DRV - [2010/11/03 03:28:42 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/05/29 21:34:40 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ainu58x.sys -- (WLANFVNETusb(505_2958)
DRV - [2002/10/03 21:04:10 | 000,046,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{A76A3403-E3D9-40BE-A0F3-662FF280109D}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...1I7ADFA_enUS454
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{B3233372-C5DB-4CD2-BC45-AFCCB417DED3}: "URL" = http://websearch.ask...1-FB9A02497943
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/31 15:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 16:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\

[2011/06/04 21:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://search.condui...SearchSource=48
CHR - Extension: Entanglement = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Play Pickle = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: Poppit = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/05 18:47:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1275210071-115176313-839522115-500..\Run: [HijackThis startup scan] C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HijackThis.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1275210071-115176313-839522115-500..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKU\S-1-5-21-1275210071-115176313-839522115-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1275210071-115176313-839522115-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-115176313-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-115176313-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-115176313-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-115176313-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1275210071-115176313-839522115-500\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256497082843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A5F712B-D5C6-4E3E-8476-A92A552E3BEA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25691C1E-AD7B-4BDB-A861-B53DE4D192AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4AA895-A6C8-4DA2-B055-7C967DE16888}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E679E6-FA8B-4876-B57E-B58DBD6A04C3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC934CAC-972E-4648-BF51-66BA8FA0D33B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C878DB5A-2532-4A90-89E7-83A74E7EB2D6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 23:52:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/05 22:09:06 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/11/22 03:31:04 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 11:11:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/05 19:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/05 19:21:00 | 000,098,304 | R--- | C] (ATMEL) -- C:\WINDOWS\System32\drivers\ainu58x.sys
[2012/10/05 19:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/05 18:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/05 18:24:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/05 18:24:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/05 18:24:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/05 18:24:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/05 17:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/05 17:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/05 17:46:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\ComboFix.exe
[2012/10/03 11:13:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:33:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Recent
[2012/10/03 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2012/10/03 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2012/10/02 21:36:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Chica Passwords
[2012/10/02 21:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
[2012/10/02 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2012/10/02 20:55:28 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/10/02 20:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/02 20:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\MFAData
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
[2012/09/24 13:56:52 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/09/24 13:56:52 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2012/09/24 13:56:52 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/09/24 13:56:51 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/09/24 13:56:51 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/09/24 13:56:31 | 001,217,344 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/09/24 13:56:31 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/09/24 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2012/09/24 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/09/24 13:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/06 09:21:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20120405092116.job
[2012/10/06 00:20:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
[2012/10/05 21:05:15 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/05 18:47:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/05 18:47:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/05 18:46:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/05 17:43:40 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\ComboFix.exe
[2012/10/03 14:31:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:57:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:30:27 | 000,245,840 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 21:08:35 | 000,528,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/02 21:08:35 | 000,105,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/02 20:57:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/10/02 20:57:03 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/02 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/25 12:14:07 | 000,015,181 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt

========== Files Created - No Company Name ==========

[2012/10/05 21:05:14 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/05 18:24:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/05 18:24:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/05 18:24:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/05 18:24:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/05 18:24:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/03 14:31:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:30:18 | 000,245,840 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 20:57:29 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/09/25 12:14:06 | 000,015,181 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt
[2012/09/24 13:56:52 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/09/24 13:56:52 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/09/24 13:56:51 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/09/24 13:56:51 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2012/09/24 13:56:30 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/08/18 22:31:28 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\dt.dat
[2012/08/16 22:38:54 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mlog
[2012/08/12 14:39:19 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\nackpz.dat
[2012/07/19 20:41:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2012/07/14 17:46:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 12:34:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/13 23:01:48 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/25 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\prvlcl.dat
[2011/04/24 20:35:37 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\.swfinfo
[2011/04/01 19:08:05 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/04/01 18:58:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/04/01 18:56:27 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/02/07 14:16:14 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/07 14:16:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/10 14:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/27 20:31:34 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/10/25 15:49:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 00:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/28 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG
[2012/08/18 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG Secure Search
[2011/01/30 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG10
[2012/01/02 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2012
[2012/10/02 21:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
[2009/12/24 18:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/24 18:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoft
[2011/01/18 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers
[2011/04/01 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\FotoWire
[2012/08/28 16:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\MP3Rocket
[2012/03/14 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\OpenOffice.org
[2012/10/02 20:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2009/11/29 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Unity
[2011/06/18 15:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Walgreens
[2011/05/19 08:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\WhiteSmoke
[2009/10/25 15:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Desktop Search
[2009/12/03 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Search
[2006/11/02 09:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.D2NB6F41\Application Data\AVG7
[2008/03/30 18:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/11/02 09:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/12/23 19:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2007/04/01 11:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/01/30 16:34:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RDSA
[2007/02/24 08:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/11/16 20:54:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\X0FF
[2011/01/30 16:34:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\x1ff
[2012/07/18 18:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\6F63A59D2B17D979BE9B0CD37B07D287
[2012/10/02 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/10/02 21:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2012/09/24 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2011/01/30 15:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/10/05 18:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/01/28 20:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\W3i
[2012/02/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
[2011/01/18 21:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/07/13 08:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2004/04/22 10:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lycos
[2011/09/17 19:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
[2012/07/16 13:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 01:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2002/08/29 06:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\I386\QMGR.DLL

< MD5 for: SERVICES >
[2002/08/29 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\I386\SERVICES
[2001/08/23 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.DLL >
[2004/10/08 08:49:32 | 000,019,968 | ---- | M] () MD5=F023A928FA67FDDEC89921973704CD51 -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Services.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 01:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2002/08/29 06:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\I386\SERVICES.EXE

< MD5 for: SERVICES.EXE-3019B50A.PF >
[2012/10/06 04:56:57 | 000,008,798 | ---- | M] () MD5=2E5D22A8C91F415B4590BAF31C44F43B -- C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf

< MD5 for: SERVICES.ICO >
[2005/12/14 19:21:08 | 000,007,318 | ---- | M] () MD5=9443DA63ACDF55D7D153D6B22E40722E -- C:\Program Files\Yahoo!\Common\icons\services.ico

< MD5 for: SERVICES.LNK >
[2008/05/02 13:51:41 | 000,001,602 | ---- | M] () MD5=61D926A39E9D1123CB74733921A634A3 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2009/10/24 23:52:26 | 000,001,602 | ---- | M] () MD5=DA55D5AACC56C583459F8329C956ABC1 -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2002/08/29 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\I386\SERVICES.MSC
[2001/08/23 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/01/17 19:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 19:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2002/08/29 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >
[2009/10/24 23:49:33 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/24 23:52:01 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/25 15:33:06 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
[2011/09/19 15:38:06 | 000,000,358 | ---- | C] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1316464607.job
[2012/04/05 09:21:16 | 000,000,480 | ---- | C] () -- C:\WINDOWS\Tasks\WebReg 20120405092116.job
[2012/06/17 10:34:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1.AUS\LOCALS~1\Temp\kwryykoc.sys -- (kwryykoc)
    IE - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
    O3 - HKU\S-1-5-21-1275210071-115176313-839522115-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2011/05/19 08:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\WhiteSmoke
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

To disable Active Desktop, make sure all checkboxes in this window are unchecked.
Go to Control Panel and select Display.


What problems are outstanding?

#8
elguapo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Active Desktop is now fixed. Wireless connection (on USB) working. Other network drivers still hooked to the AVG miniport driver and can't be deleted or updated (screencap posted). In the tray there is a yellow shield with an exclamation point in it, downloading some sort of update. Can't open it to see what it's 'updating', nor does it reveal anything when I hover the pointer over the icon.

----------------------------------------------------------------------------------------------
OTL logfile created on: 10/6/2012 12:52:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 632.07 Mb Available Physical Memory | 61.79% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.45 Gb Free Space | 54.32% Space Free | Partition Type: NTFS
Drive E: | 80.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUSTIN-0FXNWUA1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
PRC - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/25 20:34:49 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/01 18:56:27 | 000,143,360 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2011/04/01 18:56:27 | 000,114,688 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2011/04/01 18:56:27 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\ampse.sys -- (AMPSE)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\amp.sys -- (AMP)
DRV - [2010/11/03 03:28:42 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/05/29 21:34:40 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ainu58x.sys -- (WLANFVNETusb(505_2958)
DRV - [2002/10/03 21:04:10 | 000,046,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{A76A3403-E3D9-40BE-A0F3-662FF280109D}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...1I7ADFA_enUS454
IE - HKCU\..\SearchScopes\{B3233372-C5DB-4CD2-BC45-AFCCB417DED3}: "URL" = http://websearch.ask...1-FB9A02497943
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/31 15:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 16:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\

[2011/06/04 21:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://search.condui...SearchSource=48
CHR - Extension: Entanglement = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Play Pickle = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: Poppit = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/06 12:49:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HijackThis.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256497082843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A5F712B-D5C6-4E3E-8476-A92A552E3BEA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25691C1E-AD7B-4BDB-A861-B53DE4D192AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4AA895-A6C8-4DA2-B055-7C967DE16888}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E679E6-FA8B-4876-B57E-B58DBD6A04C3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC934CAC-972E-4648-BF51-66BA8FA0D33B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C878DB5A-2532-4A90-89E7-83A74E7EB2D6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 23:52:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/05 22:09:06 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/11/22 03:31:04 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 12:49:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/06 11:11:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/05 19:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/05 19:21:00 | 000,098,304 | R--- | C] (ATMEL) -- C:\WINDOWS\System32\drivers\ainu58x.sys
[2012/10/05 18:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/05 18:24:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/05 18:24:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/05 18:24:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/05 18:24:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/05 17:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/05 17:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/05 17:46:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\ComboFix.exe
[2012/10/03 11:13:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:33:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Recent
[2012/10/03 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2012/10/03 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2012/10/02 21:36:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Chica Passwords
[2012/10/02 21:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
[2012/10/02 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2012/10/02 20:55:28 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/10/02 20:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/02 20:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\MFAData
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
[2012/09/24 13:56:52 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/09/24 13:56:52 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2012/09/24 13:56:52 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/09/24 13:56:51 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/09/24 13:56:51 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/09/24 13:56:31 | 001,217,344 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/09/24 13:56:31 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/09/24 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2012/09/24 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/09/24 13:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/10/06 12:51:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/06 12:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 12:49:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/06 09:21:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20120405092116.job
[2012/10/06 00:20:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
[2012/10/05 21:05:15 | 000,589,878 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/05 17:43:40 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\ComboFix.exe
[2012/10/03 14:31:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:57:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:30:27 | 000,245,840 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 21:08:35 | 000,528,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/02 21:08:35 | 000,105,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/02 20:57:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/10/02 20:57:03 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/02 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/25 12:14:07 | 000,015,181 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt

========== Files Created - No Company Name ==========

[2012/10/05 21:05:14 | 000,589,878 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/05 18:24:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/05 18:24:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/05 18:24:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/05 18:24:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/05 18:24:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/03 14:31:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:30:18 | 000,245,840 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 20:57:29 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2013.lnk
[2012/09/25 12:14:06 | 000,015,181 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt
[2012/09/24 13:56:52 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/09/24 13:56:52 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/09/24 13:56:51 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/09/24 13:56:51 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2012/09/24 13:56:30 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/08/18 22:31:28 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\dt.dat
[2012/08/16 22:38:54 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mlog
[2012/08/12 14:39:19 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\nackpz.dat
[2012/07/19 20:41:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2012/07/14 17:46:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 12:34:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/13 23:01:48 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/25 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\prvlcl.dat
[2011/04/24 20:35:37 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\.swfinfo
[2011/04/01 19:08:05 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/04/01 18:58:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/04/01 18:56:27 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/02/07 14:16:14 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/07 14:16:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/10 14:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/27 20:31:34 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/10/25 15:49:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 00:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/28 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG
[2012/08/18 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG Secure Search
[2011/01/30 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG10
[2012/01/02 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2012
[2012/10/02 21:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2013
[2009/12/24 18:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/24 18:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoft
[2011/01/18 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers
[2011/04/01 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\FotoWire
[2012/08/28 16:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\MP3Rocket
[2012/03/14 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\OpenOffice.org
[2012/10/02 20:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2009/11/29 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Unity
[2011/06/18 15:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Walgreens
[2009/10/25 15:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Desktop Search
[2009/12/03 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Search
[2012/07/18 18:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\6F63A59D2B17D979BE9B0CD37B07D287
[2012/10/02 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/10/02 21:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2012/09/24 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2011/01/30 15:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/10/05 18:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/01/28 20:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\W3i
[2012/02/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
[2011/01/18 21:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >


screencap.JPG

#9
elguapo (Member, Topic Starter, 19 posts)
PS - The "Netgear" wireless adaptor is no longer connected or used; only the USB adaptor, which is listed and whose driver shows as working normally. The AVG miniport driver seems to be very persistent.

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Let's see if we can kill them.

Download and run the AVG removal tool from here and see if that removes the drivers

#11
elguapo (Member, Topic Starter, 19 posts)
Got both the firewall and AVG off. This is the link to the tool that finally did the job:

http://www.avg.com/f...delrepxp_en.exe

Not sure what it does differently. Only know that it worked where the usual executable removal software didn't. I manually (sorry, I know I should have waited or asked first) deleted the Netgear references from the registry to the missing AVG miniport file. That has cleared out all of the disabled/non-working references.

All device drivers that need to work do appear to be working. No other obvious bugs. I have not installed antivirus or put up the firewall. I have installed Firefox. I couldn't take even another second of IE.

Edited by elguapo, 06 October 2012 - 03:54 PM.


#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do you want some AV links? I use Avast.

Any other problems apparent?

#13
elguapo (Member, Topic Starter, 19 posts)
No other problems that I can see. I did run OTL one more time and the log is below. I have already uninstalled ComboFix. Installing Avast as soon as the download is complete.

Thank you so much for your help! I'm interested in the Geekstogo University but don't know whether I am a quick enough study to do it.




OTL logfile created on: 10/6/2012 5:23:46 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 599.65 Mb Available Physical Memory | 58.62% Memory free
2.41 Gb Paging File | 2.12 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.81 Gb Free Space | 54.81% Space Free | Partition Type: NTFS
Drive D: | 80.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUSTIN-0FXNWUA1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
PRC - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/25 20:34:49 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/01 18:56:27 | 000,143,360 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2011/04/01 18:56:27 | 000,114,688 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2011/04/01 18:56:27 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2011/04/01 18:56:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\ampse.sys -- (AMPSE)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\amp.sys -- (AMP)
DRV - [2010/11/03 03:28:42 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 12:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/05/27 04:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 04:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 04:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/05/29 21:34:40 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ainu58x.sys -- (WLANFVNETusb(505_2958)
DRV - [2002/10/03 21:04:10 | 000,046,976 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{A76A3403-E3D9-40BE-A0F3-662FF280109D}: "URL" = http://search.yahoo....0104,6901,0,8,0
IE - HKCU\..\SearchScopes\{A9A32A3F-2B6B-4399-B6FA-2D69CE2CD5E9}: "URL" = http://www.google.co...1I7ADFA_enUS454
IE - HKCU\..\SearchScopes\{B3233372-C5DB-4CD2-BC45-AFCCB417DED3}: "URL" = http://websearch.ask...1-FB9A02497943
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/31 15:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/03/13 16:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/06 16:46:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/04 21:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Mozilla\Extensions
[2012/10/06 16:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://search.condui...SearchSource=48
CHR - Extension: Entanglement = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Play Pickle = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: Poppit = C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/06 16:35:42 | 000,000,043 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256497082843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A5F712B-D5C6-4E3E-8476-A92A552E3BEA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25691C1E-AD7B-4BDB-A861-B53DE4D192AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4AA895-A6C8-4DA2-B055-7C967DE16888}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E679E6-FA8B-4876-B57E-B58DBD6A04C3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC934CAC-972E-4648-BF51-66BA8FA0D33B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C878DB5A-2532-4A90-89E7-83A74E7EB2D6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 23:52:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/05 22:09:06 | 000,000,000 | R--D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/11/22 03:31:04 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 17:17:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/06 16:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Mozilla
[2012/10/06 16:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/06 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2012/10/06 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/06 15:09:35 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/10/06 15:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/10/06 14:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell Accessories
[2012/10/06 14:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Akamai
[2012/10/06 14:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\Dell Drivers
[2012/10/06 14:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\backups
[2012/10/06 12:49:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/06 11:11:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/05 19:21:00 | 000,098,304 | R--- | C] (ATMEL) -- C:\WINDOWS\System32\drivers\ainu58x.sys
[2012/10/05 18:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/05 17:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/03 11:13:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:33:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Recent
[2012/10/03 10:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2012/10/03 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2012/10/02 21:36:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Chica Passwords
[2012/10/02 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
[2012/09/24 13:56:52 | 002,168,160 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/09/24 13:56:52 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RaCertMgr.dll
[2012/09/24 13:56:52 | 000,185,696 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/09/24 13:56:51 | 000,144,736 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/09/24 13:56:51 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2012/09/24 13:56:31 | 001,217,344 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/09/24 13:56:31 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/09/24 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2012/09/24 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/09/24 13:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/10/06 16:46:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/06 16:46:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/10/06 16:45:17 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC7ECB3E-87E0-4132-A38B-E9C260C35DF0}.job
[2012/10/06 16:40:09 | 000,529,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/06 16:40:09 | 000,105,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/06 16:35:42 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/06 16:35:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/06 16:35:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 16:04:56 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/06 11:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\OTL.exe
[2012/10/06 09:21:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20120405092116.job
[2012/10/03 14:31:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:57:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\HiJackThis.exe
[2012/10/03 10:30:27 | 000,245,840 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/10/02 20:57:03 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/02 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/25 12:14:07 | 000,015,181 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt

========== Files Created - No Company Name ==========

[2012/10/06 16:46:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/06 16:46:15 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/06 16:46:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/10/05 21:05:14 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Desktop\aaa.bmp
[2012/10/03 14:31:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mbam.context.scan
[2012/10/03 10:30:18 | 000,245,840 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\cc_20121003_103015.reg
[2012/09/25 12:14:06 | 000,015,181 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Jasons Money Maker.odt
[2012/09/25 11:46:51 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\My Documents\Dawn Money Maker.odt
[2012/09/24 13:56:52 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/09/24 13:56:52 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/09/24 13:56:51 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/09/24 13:56:51 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2012/09/24 13:56:30 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/08/18 22:31:28 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\dt.dat
[2012/08/16 22:38:54 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\mlog
[2012/08/12 14:39:19 | 000,090,176 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\nackpz.dat
[2012/07/19 20:41:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2012/07/14 17:46:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 12:34:27 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/10/13 23:01:48 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/25 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\prvlcl.dat
[2011/04/24 20:35:37 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\.swfinfo
[2011/04/01 19:08:05 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/04/01 18:58:34 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/04/01 18:56:27 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2011/02/07 14:16:14 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/07 14:16:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/10 14:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/27 20:31:34 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/10/25 15:49:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 00:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/28 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG
[2012/08/18 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG Secure Search
[2011/01/30 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG10
[2012/01/02 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2012
[2009/12/24 18:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/24 18:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoft
[2011/01/18 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\DVDVideoSoftIEHelpers
[2011/04/01 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\FotoWire
[2012/08/28 16:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\MP3Rocket
[2012/03/14 20:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\OpenOffice.org
[2012/10/02 20:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\TuneUp Software
[2009/11/29 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Unity
[2011/06/18 15:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Walgreens
[2009/10/25 15:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Desktop Search
[2009/12/03 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\Windows Search
[2012/07/18 18:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\6F63A59D2B17D979BE9B0CD37B07D287
[2012/10/02 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/09/24 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Belkin Driver
[2011/01/30 15:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/01/28 20:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\W3i
[2012/02/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
[2011/01/18 21:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you have any questions on the Avast set up just shout. I will remove the final AVG bits with this
GeekU is generally at your own pace; however, there is a requirement to be active whilst training, with a maximum absence period of two weeks.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
    [2012/10/02 19:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Local Settings\Application Data\Avg2013
    [2012/02/28 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG
    [2012/08/18 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG Secure Search
    [2011/01/30 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG10
    [2012/01/02 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG2012
    [2012/10/02 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
    [2012/02/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:
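As an added example (not code from this thread, from OTL or from its author), here is a small Python parser for the OTL entry lines that appear in the LOP Check and in the :OTL fix script above: it pulls out the timestamp, size, attribute flags and path, and reports which LOP Check entries a given fix script leaves untouched. The meaning of the attribute letters (R/H/S/D) and of the C/M column is assumed from the log's conventions; the sample input is constructed to match the lines posted in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# An OTL entry line reads "[date time | size | attrs | C/M] -- path". Assumed from the
# log's conventions: size is bytes with thousands separators; attrs holds R/H/S/D
# (read-only, hidden, system, directory) with '-' for absent; C/M = created/modified time.
_ENTRY = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-RHSD]{4}) \| ([CM])\] -- (.+)$")


@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: frozenset   # subset of {"R", "H", "S", "D"}
    time_kind: str     # "C" (created) or "M" (modified)
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one log line; section headers, :Commands and other text yield None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, path = m.groups()
    return OtlEntry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                    int(size.replace(",", "")), frozenset(attrs) - {"-"}, kind, path)


def parse_entries(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def not_in_fix(lop_check: str, fix_script: str) -> List[str]:
    """LOP Check paths the :OTL fix script does not list (NTFS paths compare case-insensitively)."""
    fixed = {e.path.lower() for e in parse_entries(fix_script)}
    return [e.path for e in parse_entries(lop_check) if e.path.lower() not in fixed]


# Constructed sample input, shaped like the LOP Check and the fix script in this thread.
LOP_CHECK = r"""[2012/02/28 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AUSTIN-0FXNWUA1\Application Data\AVG
[2011/01/30 15:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/02/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
"""
FIX_SCRIPT = ":OTL\n" + LOP_CHECK.splitlines()[0] + "\n\n:Commands\n[emptytemp]\n[Reboot]\n"
```

Running `not_in_fix(LOP_CHECK, FIX_SCRIPT)` on the constructed sample lists the hidden Common Files folder and WeCareReminder as the entries the fix does not touch.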

#15
elguapo

elguapo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Essexboy,

So far so good. Thank you so much for your time and efforts. I'll check back in one more day and let you know if things are still up. Filling out the form when I get back.