I can't go anywhere [Solved]



#1
chaknik

  • Member
  • 30 posts
For about a week now, most links, typed URLs, search results go to 'Internet Explorer cannot display webpage'. I had a heck of a time even registering on this site. This is my second attempt to post. The first attempt led to 'IE cannot.....'. Hopefully, this one will make it there. I had a DHCP default gateway and nameserver of 172.26.38.1 which turns out to be a non-existent domain. If anyone can help me fix this, I will be very grateful. The OTL logs follow.


OTL logfile created on: 2/24/2013 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\FREDA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 78.85% Memory free
7.07 Gb Paging File | 6.43 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 216.44 Gb Free Space | 46.47% Space Free | Partition Type: NTFS

Computer Name: FREDA | User Name: FREDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 12:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
PRC - [2013/02/14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/10 17:21:58 | 000,210,568 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/05/20 13:36:30 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/11/23 18:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/11/23 18:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/10 17:22:10 | 001,048,512 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2011/06/10 17:22:10 | 000,726,976 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2011/06/10 17:22:10 | 000,394,176 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2011/06/10 17:22:08 | 000,861,120 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2011/06/10 17:22:08 | 000,608,704 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2011/06/10 17:22:08 | 000,147,904 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2011/06/10 17:22:08 | 000,099,776 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\System.dll
MOD - [2011/06/10 17:22:08 | 000,049,600 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2011/06/10 17:22:06 | 000,132,032 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2011/06/10 17:22:06 | 000,061,888 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2011/06/10 17:22:04 | 000,360,896 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Device.dll
MOD - [2011/06/10 17:22:02 | 000,247,744 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DB.dll
MOD - [2011/06/10 17:22:00 | 000,097,216 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2011/06/10 17:21:58 | 000,210,568 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/06/10 17:11:30 | 000,033,280 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin
MOD - [2011/06/10 17:11:26 | 000,028,160 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2011/06/10 17:11:22 | 000,029,696 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin
MOD - [2011/06/10 17:11:22 | 000,018,944 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin
MOD - [2011/06/10 17:08:54 | 000,016,896 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/02/14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/09 21:48:01 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:08:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2011/05/20 13:36:30 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/03/31 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/22 00:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrbsvsd)
DRV - [2013/02/24 11:49:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/02/20 15:52:58 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/19 22:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 22:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/03 15:40:22 | 000,208,128 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/28 12:50:44 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/01 02:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/18 10:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/15 15:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 15:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EA169F57-9B7E-4A36-9B14-D0A84A80F73A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{EA169F57-9B7E-4A36-9B14-D0A84A80F73A}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/12 09:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/22 17:50:01 | 000,000,000 | ---D | M]

[2011/03/15 19:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions
[2012/10/23 16:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions
[2013/02/20 15:57:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\[email protected]
[2012/09/14 10:16:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/08 13:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/05 17:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/05 17:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/08 13:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/08 13:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}(2)
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}(2)
[2013/02/05 17:08:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/10/22 10:59:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 11:00:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/10 12:38:15 | 000,444,743 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15277 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\FREDA\Start Menu\Programs\Startup\EzWare EzDesk.lnk = C:\WINDOWS\EzDesk.exe (EzWare Technology)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: friendsofjamesrogers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: onlyimaginegraphics.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.4.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258206523468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360358360593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323E3141-105A-49C1-A74C-17F898A22C18}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FREDA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 16:35:31 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell - "" = AutoRun
O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -ap
O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell - "" = AutoRun
O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell\AutoRun\command - "" = I:\WIN\setup.exe -ap
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/24 12:16:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
[2013/02/24 11:44:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/24 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Malwarebytes
[2013/02/24 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/24 11:44:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/24 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/23 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Anvil Studio
[2013/02/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Anvil Studio 2012
[2013/02/22 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\attcm_AppStart
[2013/02/22 18:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2013/02/20 16:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/20 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\LavasoftStatistics
[2013/02/20 15:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/02/20 15:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp
[2013/02/20 15:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/20 15:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/02/20 15:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\adawaretb
[2013/02/20 15:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/20 15:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/20 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/20 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/02/20 15:52:59 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/20 15:52:59 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/02/20 15:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus
[2013/02/20 11:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software
[2013/02/15 13:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Updater
[2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Detective
[2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA Detective
[2013/02/15 13:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA easyRip
[2013/02/15 13:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\{userdocs}
[2013/02/15 13:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA easyRip
[2013/02/14 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sun
[2013/02/11 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/02/10 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/08 16:17:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/08 14:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Start Menu\Programs\Revo Uninstaller
[2013/02/08 13:56:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FREDA\Recent
[2013/02/08 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/02/08 07:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/02/07 16:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\SUPERAntiSpyware.com
[2013/02/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/02/07 16:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/02/07 16:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/07 14:20:23 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/07 14:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/02/05 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[35 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[253 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/24 12:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
[2013/02/24 11:49:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/24 11:45:13 | 000,569,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/24 11:45:13 | 000,110,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/24 11:44:10 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/24 11:41:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/24 11:41:11 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/02/24 11:40:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/24 11:40:30 | 3487,723,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/24 09:19:40 | 111,077,230 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/02/23 22:31:36 | 000,574,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/23 18:14:59 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/23 17:44:23 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 15:32:53 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Weather.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/22 18:10:31 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Communication Manager.lnk
[2013/02/22 14:11:02 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hostsoriginal
[2013/02/21 16:41:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/02/21 15:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/21 15:25:18 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/02/21 15:25:18 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
[2013/02/21 15:25:18 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job
[2013/02/20 15:52:58 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/20 15:52:58 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/02/20 13:21:22 | 000,000,120 | -H-- | M] () -- C:\aaw7boot.cmd
[2013/02/18 14:54:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/02/18 14:43:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/17 07:45:30 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Barbie.url
[2013/02/16 23:57:00 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Wyndham Search Availability.url
[2013/02/16 21:23:14 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Not Doppler.url
[2013/02/15 13:43:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/13 14:32:20 | 000,000,033 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2013/02/10 12:38:15 | 000,444,743 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/09 16:31:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 17:02:57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/08 16:19:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 17:14:08 | 000,445,128 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130209-215509.backup
[2013/02/07 16:01:16 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/07 14:20:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/03 14:11:16 | 269,657,031 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/02/02 08:23:26 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2013/01/31 18:43:04 | 000,083,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/01/30 20:52:46 | 000,037,607 | ---- | M] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | M] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/30 16:20:34 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Smith Lake Water Level.url
[2013/01/26 17:48:07 | 047,840,257 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_102509_094.mp4
[2013/01/26 17:47:34 | 223,809,133 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_104558_660.mp4
[2013/01/26 17:46:11 | 250,078,030 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_110745_669.mp4
[35 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[253 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/24 11:44:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 17:03:19 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/23 17:03:19 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvil Studio 2012.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/22 18:10:31 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Communication Manager.lnk
[2013/02/20 16:24:04 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/02/20 15:57:34 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/02/20 13:21:22 | 000,000,120 | -H-- | C] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/15 13:43:52 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/15 13:43:25 | 000,459,663 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\User Manual English_TH18XXC.pdf
[2013/02/09 16:31:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 11:48:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 16:01:16 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/03 15:18:17 | 223,809,133 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_104558_660.mp4
[2013/02/03 15:18:16 | 047,840,257 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_102509_094.mp4
[2013/02/03 15:18:01 | 250,078,030 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_110745_669.mp4
[2013/02/03 14:11:13 | 269,657,031 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/01/30 20:52:46 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/26 13:24:17 | 000,716,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796266127-4252608427-1798623780-1005-0.dat
[2013/01/26 13:24:17 | 000,346,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/11 12:23:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\rx_image.Cache
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/06/10 11:07:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/06/10 11:07:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/06/10 11:07:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/04/22 21:54:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\FREDA\.recently-used.xbel
[2011/11/06 11:35:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/06 11:30:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/09/02 20:38:05 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\Pen_Tablet.dat
[2011/09/02 20:35:55 | 000,000,654 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/03/15 19:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/14 11:30:32 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\FREDA\Application Data\ViewerApp.dat
[2010/09/07 10:20:05 | 002,755,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/16 21:02:56 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 08:31:09 | 000,019,461 | ---- | C] () -- C:\Documents and Settings\FREDA\DModem_Trace.trc
[2009/04/07 13:50:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/20 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/20 15:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/01/22 17:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/02/22 14:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 18:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/10 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/02/20 15:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/08/09 23:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/04/21 15:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/11/24 08:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2009/09/18 14:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/27 18:49:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/02/20 15:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/12/28 12:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/05/23 08:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/11/12 11:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/05/26 17:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/31 22:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/03/17 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/01/20 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/04/21 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/22 15:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2011/10/19 15:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2012/03/17 21:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/02/22 14:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/31 22:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/02/21 16:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus
[2013/02/20 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\adawaretb
[2009/04/19 12:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Anvil Studio
[2013/02/22 14:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\AVG
[2010/10/27 19:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\AVG10
[2012/08/09 23:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Canneverbe Limited
[2012/03/10 14:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Canon
[2010/01/22 11:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\CoffeeCup Software
[2009/10/19 08:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/02 08:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\ElevatedDiagnostics
[2011/07/10 08:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\ERS G-Studio
[2010/05/23 08:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\GARMIN
[2011/09/03 13:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\ICAClient
[2012/04/10 06:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\inkscape
[2009/04/08 15:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Jasc
[2009/11/22 11:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\KompoZer
[2012/11/12 11:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Leadertech
[2012/11/20 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Memeo
[2010/07/10 14:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Namco
[2012/03/17 12:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\PCDr
[2013/01/20 11:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Samsung
[2009/04/21 15:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\ScanSoft
[2012/11/12 11:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Seagate
[2010/01/17 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Serif
[2009/12/25 12:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Sierra
[2011/10/19 15:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Sierra Wireless
[2013/01/14 14:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\SmartDraw
[2012/06/28 08:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Stykz
[2012/12/27 22:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\SwvUpdater
[2009/04/07 14:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Windows Search
[2010/12/25 14:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\WTouch
[2009/06/05 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FREDA\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\SavedSkadoodle 2-by Freda.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\Roy's Toys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\DefaultMyDVD9 files:Roxio EMC Stream
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAC5BCF5

< End of report >



OTL Extras logfile created on: 2/24/2013 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\FREDA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 78.85% Memory free
7.07 Gb Paging File | 6.43 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 216.44 Gb Free Space | 46.47% Space Free | Partition Type: NTFS

Computer Name: FREDA | User Name: FREDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- C:\Program Files\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ZipExplode Directory] -- C:\Program Files\ZipExploder\Exploder.exe "%1" (BCW Software)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\1Ws_ftp\WS_FTP95.exe" = C:\Program Files\1Ws_ftp\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Kompozer\KompoZer 0.7.10\kompozer.exe" = C:\Program Files\Kompozer\KompoZer 0.7.10\kompozer.exe:*:Disabled:Composer -- (Mozilla Foundation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Disabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Disabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3 -- ()
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0EF946E8-2406-82FB-23CD-09B39AFD781D}" = CCC Help French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FAFEF2D-E38E-AFF2-873E-743381EF6011}" = ccc-utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E4576A-C55C-386C-379A-4F048FBE811F}" = Skins
"{2E625F3B-FA2B-27C4-F470-45F2D208277F}" = CCC Help English
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{371D967E-8E71-4E47-8F97-E5EC49A58556}" = AT&T Communication Manager
"{3BDC625A-5326-112C-2285-51EFFE42DD27}" = CCC Help Korean
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{486B99AF-8BCF-849E-ABAB-FC3C321EA4DA}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D860F7C-B285-64AC-EB84-343891A58885}" = Catalyst Control Center Localization All
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF4F3D5-703F-6352-AB20-ADEFCEE81AB6}" = CCC Help Chinese Traditional
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5FD5BE54-CFAC-9CF0-8983-5931E495D2D4}" = CCC Help Italian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62201736-0A1F-4C6F-9C59-1AA3360CEA50}" = Homespun Collection
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A11104-530E-6702-DA2A-7D56F052FE52}" = CCC Help Hungarian
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz for Windows 1.0.2
"{822A27F8-420B-A5AE-D9E6-B925B84988D1}" = CCC Help German
"{8344D4A2-FE9C-4275-AE51-0FD07CC9A5DB}" = Xara3D6
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98FF6869-E903-0A4B-D2D0-7BB99C8EFAB7}" = CCC Help Chinese Standard
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2A42043-BCC2-495A-8BD6-5A905D101619}" = Anvil Studio 2012
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A676D72C-6ADD-2F00-2696-A3612D7FEB7C}" = ccc-core-static
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD2ED779-9542-9D3A-1FA5-7EBBB904C2D2}" = CCC Help Turkish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8899CF-02A9-FC4C-EF06-4DEF8D70E824}" = Catalyst Control Center Graphics Previews Common
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CEB4458B-5F7F-478A-B69A-C16EE67C9E7D}" = Ad-Aware Antivirus
"{CEDD9A6B-7C8C-2CCB-1282-3BB949D4200E}" = Catalyst Control Center Graphics Full New
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DFF1DFAE-8545-B6A8-2A5F-22A452CB866B}" = Catalyst Control Center Graphics Light
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EADC19D5-5639-EAB9-335B-A46D8762EE95}" = Catalyst Control Center Graphics Full Existing
"{EBB54970-8AA5-2830-02D0-7DD016EBA860}" = ccc-core-preinstall
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E10150-790C-469E-882D-3EFA82542D2E}" = AVG 2011
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C1EDB3-B1AA-55C8-FE0C-F6F7F87A7489}" = CCC Help Japanese
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FE81A5E6-D32A-ABD7-3819-A8549CA8E3D4}" = CCC Help Portuguese
"{FF904D22-BE29-3D7C-611A-3D556DA2FE7D}" = Catalyst Control Center Core Implementation
"20/20 v2.1" = 20/20 v2.1
"ACDSee 32" = ACDSee 32
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Arachnophilia version 4.0_is1" = Arachnophilia version 4.0
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Wonders of the Depths 3 - Atlantis Adventures" = Hidden Wonders of the Depths 3: Atlantis Adventures
"CameraUserGuide-PSSX40HS" = Canon PowerShot SX40 HS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player 2.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Eye Candy 4000" = Eye Candy 4000
"FreeCell Plus" = FreeCell Plus
"GoToAssist" = GoToAssist 8.0.0.514
"HughesNetTools" = HughesNetTools
"Icon Restore_is1" = Icon Restore 1.0
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"Inkscape" = Inkscape 0.48.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Path Copy" = Path Copy 3.0
"Pen Tablet Driver" = Bamboo
"PhotoStitch" = Canon Utilities PhotoStitch
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Print Artist 2003" = Print Artist 2003
"PROSet" = Intel® PRO Network Connections Drivers
"Quake III Arena" = Quake III Arena
"RCA Detective™_is1" = RCA Detective™ 3.0.4.0
"RCA easyRip_is1" = RCA easyRip 2.5.9.0
"RCA Updater_is1" = RCA Updater 2.1.7.1
"RealSimpleAnniversaryClock_is1" = RealSimpleAnniversaryClock
"RegScrubXP_is1" = RegScrubXP 3.25
"Revo Uninstaller" = Revo Uninstaller 1.93
"ScanSoft PaperPort Viewer 7.0" = ScanSoft PaperPort Viewer 7.0
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 0.9.9
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"MyFreeCodec" = MyFreeCodec
"SmartDraw 6" = SmartDraw 6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2012 4:35:52 PM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application anim.exe, version 3.0.0.4, faulting module mfc42.dll,
version 6.2.8081.0, fault address 0x0000451c.

Error - 6/3/2012 8:42:31 AM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application psp.exe, version 7.0.0.4, faulting module psp.exe,
version 7.0.0.4, fault address 0x000c752d.

Error - 6/3/2012 8:44:57 AM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application psp.exe, version 7.0.0.4, faulting module psp.exe,
version 7.0.0.4, fault address 0x000c752d.

Error - 6/3/2012 1:00:30 PM | Computer Name = FREDA | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4028.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/3/2012 3:28:00 PM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application anim.exe, version 3.0.0.4, faulting module mfc42.dll,
version 6.2.8081.0, fault address 0x0007327b.

Error - 6/3/2012 5:32:21 PM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application anim.exe, version 3.0.0.4, faulting module mfc42.dll,
version 6.2.8081.0, fault address 0x0000451c.

Error - 11/14/2012 5:57:45 PM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application dreamweaver.exe, version 4.0.1064.0, faulting
module dreamweaver.exe, version 4.0.1064.0, fault address 0x00046189.

Error - 11/20/2012 12:17:17 PM | Computer Name = FREDA | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 2/21/2013 6:36:52 PM | Computer Name = FREDA | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2/21/2013 6:36:56 PM | Computer Name = FREDA | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 11/20/2012 11:21:27 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7024
Description = The IIS Admin service terminated with service-specific error 2147549183
(0x8000FFFF).

Error - 11/20/2012 11:21:57 AM | Computer Name = FREDA | Source = DCOM | ID = 10010
Description = The server {A9E69610-B80D-11D0-B9B9-00A0C922E750} did not register
with DCOM within the required timeout.

Error - 11/20/2012 11:46:13 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7000
Description = The StarOpen service failed to start due to the following error: %%2

Error - 11/20/2012 11:46:13 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1058

Error - 11/20/2012 11:50:26 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7022
Description = The IIS Admin service hung on starting.

Error - 11/20/2012 11:50:26 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1070

Error - 11/20/2012 11:50:27 AM | Computer Name = FREDA | Source = Service Control Manager | ID = 7024
Description = The IIS Admin service terminated with service-specific error 2147549183
(0x8000FFFF).

Error - 11/20/2012 11:50:56 AM | Computer Name = FREDA | Source = DCOM | ID = 10010
Description = The server {A9E69610-B80D-11D0-B9B9-00A0C922E750} did not register
with DCOM within the required timeout.

Error - 11/20/2012 12:50:22 PM | Computer Name = FREDA | Source = Service Control Manager | ID = 7024
Description = The IIS Admin service terminated with service-specific error 2147549183
(0x8000FFFF).

Error - 11/20/2012 12:50:52 PM | Computer Name = FREDA | Source = DCOM | ID = 10010
Description = The server {A9E69610-B80D-11D0-B9B9-00A0C922E750} did not register
with DCOM within the required timeout.


< End of report >

#2
chaknik
Sorry about the double post. My computer is being contrary and I don't know how to edit a post yet.

#3
emeraldnzl
GeekU Moderator
Hello chaknik,

Welcome to geekstogo.

I see you have Malwarebytes on your machine. Please uninstall AVG (you can reinstall it afterwards) as it may interfere with the tools we want to use.

After that please run MBAM.

  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the last two reports in your next reply, i.e. the last one you ran and this one.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#4
chaknik
Thanks for giving my case your attention. I uninstalled AVG and ran mbam. After the scan, select all and remove, I was directed to restart, which I did. The machine got to the 'Windows is shutting down' screen and locked. I waited several minutes but nothing happened, then I did a hard shutdown with off button. After restart, I opened the mbam log tab and there was only one log. I have been unable to update mbam database for quite some time so I uninstalled and reinstalled newer version. Sorry if that hindered too much. Here is the mbam log I just ran:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
FREDA :: FREDA [administrator]

2/25/2013 4:09:15 PM
mbam-log-2013-02-25 (16-09-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387459
Time elapsed: 59 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\FREDA\Application Data\SwvUpdater (PUP.Software.Updater) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Documents and Settings\FREDA\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1156\A0115375.exe (PUP.Adbundler) -> Quarantined and deleted successfully.
C:\Documents and Settings\FREDA\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\FREDA\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

(end)

Edited by chaknik, 25 February 2013 - 05:34 PM.


#5
emeraldnzl

"I have been unable to update mbam database for quite some time so I uninstalled and reinstalled newer version."


Is the new version updating and working okay?

Now

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this.

On reboot a log will be produced please post that back here.

After that

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
When you return please post
  • AdwCleaner log
  • checkup.txt


#6
chaknik
The mbam was a recent download but database still 71 days old and unable to update from mbam start or from within the running program. Always times out. Had trouble downloading the two programs you mentioned. I keep timing out and have to retry. Here are the files you requested:


# AdwCleaner v2.113 - Logfile created 02/25/2013 at 19:12:02
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : FREDA - FREDA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\FREDA\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\FREDA\Application Data\adawaretb
Folder Found : C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\adawaretb
Folder Found : C:\Program Files\adawaretb

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R1].txt - [1726 octets] - [25/02/2013 19:12:02]

########## EOF - C:\AdwCleaner[R1].txt - [1786 octets] ##########



Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Windows Defender
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC Tuneup
Java™ 6 Update 37
Java 7 Update 13
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 18.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

#7
chaknik
For what it's worth, my internet connection is thru an AT&T Momentum 4G Air Card-Sierra Wireless 313usb. It has worked very well for several months. I'm having problems on two other computers, problems similar to this one. The Air Card and router are common to all computers usually. For now I have the card plugged directly into a usb port on this computer. Just wanted to add this info. Thanks again for your efforts.

Edited by chaknik, 25 February 2013 - 08:31 PM.


#8
emeraldnzl
Hello chaknik,

Security Check shows multiple security programs on your computer. They will likely be conflicting. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Personally I would uninstall Ad-Aware, Spybot - Search & Destroy and SUPERAntiSpyware for the time being and when we are finished reinstall an anti-virus and keep one spyware one (MBAM maybe).

For now though we should at least do something about Spybot Search and Destroy. TeaTimer in that program will interfere with our tools if it is running. Would also interfere with MBAM.

How to disable TeaTimer so it does not interfere with the changes we are going to make.

  • Start Spybot-S&D
  • Go to the Mode menu and make sure Advanced Mode is selected
  • On the left hand side choose Tools and then click on Resident
  • Uncheck Resident Tea Timer and choose OK for any other prompts
  • Restart your computer

Next

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/12 09:37:27 | 000,000,000 | ---D | M]
    [2013/02/20 15:57:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\[email protected]
    [2013/02/08 13:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1dee7668-f028-11de-9060-00219b29862e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell - "" = AutoRun
    O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{58833bd2-25b8-11e1-9124-000272aa9e26}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -ap
    O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{95f25ca4-3122-11de-bceb-b47c9a5178e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell - "" = AutoRun
    O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ff392c54-f5b5-11e0-9117-000272aa9e26}\Shell\AutoRun\command - "" = I:\WIN\setup.exe -ap
    O34 - HKLM BootExecute: (autocheck autochk *)
    @Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
    @Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAC5BCF5
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

When you return please post
  • OTL fix.txt.
  • OTL scan .txt

#9
chaknik
Well, I tried to sign back in last night but I kept getting 'Google Sorry...

We're sorry...
... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

See Google Help for more information'. I had to try several times before I was able to sign in just now. Didn't get the Google warning, it just kept timing out. I have uninstalled Ad-aware, SpyBot S&D, and Superantispyware. I copied the text from your post and pasted it in OTL. Clicked 'Run Fix' and all the icons on desktop and the taskbar left. Used "Shutdown-Restart" in task manager to restart. No log file was generated so I tried again. Same results, blank screen, restart with task manager, no log file. I just tried it again and noticed "Not Responding" when I tried to close OTL. ???????????????

Edited by chaknik, 26 February 2013 - 11:12 AM.

#10
emeraldnzl
Hello chaknik,

Clicked 'Run Fix' and all the icons on desktop and the taskbar left. Used "Shutdown-Restart" in task manager to restart.


It's normal for your desktop to disappear and it can sometimes take a while for OTL to complete. It can appear as if it is doing nothing when actually it is working at a very deep level. Having said that you would not leave it more than say half an hour before taking action.

No log file was generated so I tried again.


If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Check there and see if you can find it but from your description of events it seems that OTL might not have had a chance to complete.

We're sorry...
... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.


Hmm... I think we might need to try another approach but first check the OTL one to see if there is a log. Come back and tell me how you got on. :)

#11
chaknik
I've been trying to sign in for a couple hours. Keep getting the Google warning and can't go any further. I ran the OTL scan with the copied text applied, two more times. The first was 30 minutes at which time I returned to the computer and the OTL window was completely white, no text, symbols - nothing. I forced it to stop, rebooted and tried again. After 45 minutes, this is what the OTL window looked like. I did check the 'moved' folder and there were several folders but all were empty. Please don't give up on me, I'm at a total loss.

Attached Thumbnails

  • OTL screencapture.jpg

#12
emeraldnzl
Hello chaknik,

Sorry for the delay, had to step out for an hour. :)

Now

Let's see if you can download and run this one. Try it in normal mode, if that doesn't work then try in Safe Mode.

Don't hesitate to come back if you run into difficulty. Also, one thing you might do, if you haven't already done so, is to reset your modem/router. Try turning it off, leaving it for say 30 seconds and then turning it back on.

How to boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

#13
chaknik
Hope this gets to you. It looks confusing on my end! There's a RK Quarantine folder that I can't attach or copy and paste. Can I close the RogueKiller window?

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : FREDA [Admin rights]
Mode : Scan -- Date : 02/26/2013 17:26:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe /TASK_REGISTER [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ +++++
--- User ---
[MBR] 45ddf30012c31eff4afde8a7c45e2bee
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 476899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02262013_02d1726.txt >>
RKreport[1]_S_02262013_02d1726.txt

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : FREDA [Admin rights]
Mode : Remove -- Date : 02/26/2013 17:27:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe /TASK_REGISTER [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ +++++
--- User ---
[MBR] 45ddf30012c31eff4afde8a7c45e2bee
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 476899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02262013_02d1727.txt >>
RKreport[1]_S_02262013_02d1726.txt ; RKreport[2]_D_02262013_02d1727.txt
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : FREDA [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/26/2013 17:29:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 28 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 264 / Fail 0
My documents: Success 129 / Fail 129
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 278 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+8 -- 0x2 --> Restored
[F:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
[G:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
[H:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored
[I:] \Device\Harddisk5\DP(1)0-0+e -- 0x2 --> Restored

Finished : << RKreport[3]_SC_02262013_02d1729.txt >>
RKreport[1]_S_02262013_02d1726.txt ; RKreport[2]_D_02262013_02d1727.txt ; RKreport[3]_SC_02262013_02d1729.txt

Time : 26/02/2013 17:26:44
--------------------------
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe

Quarantine Report
Time : 26/02/2013 17:27:07
--------------------------
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe


Time : 26/02/2013 17:29:25
--------------------------
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
[ROC.exe.vir] -> C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe

Edited by chaknik, 26 February 2013 - 06:10 PM.

#14
emeraldnzl

Can I close the RogueKiller window?


Yes.

There's a RK Quarantine folder that I can't attach or copy and paste.


Don't worry about that one. If we need it we will come back to it.

Now

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#15
chaknik
Here's the Combofix results:

ComboFix 13-02-26.01 - FREDA 02/26/2013 19:10:07.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2754 [GMT -6:00]
Running from: c:\documents and settings\FREDA\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\FREDA\Application Data\WTouch
c:\documents and settings\FREDA\Application Data\WTouch\WTouch.xml
c:\documents and settings\FREDA\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 01:14 . 2013-02-27 01:14 -------- d-----w- c:\documents and settings\FREDA\Application Data\WTouch
2013-02-27 01:12 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-02-27 01:12 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-02-26 06:02 . 2009-01-09 22:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2013-02-26 06:02 . 2013-02-26 06:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AdminHelper
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\LG Electronics
2013-02-26 04:36 . 2013-02-26 04:36 -------- d-----w- C:\_OTL
2013-02-25 22:04 . 2013-02-25 22:04 -------- d-----w- c:\documents and settings\FREDA\Application Data\TuneUp Software
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\FREDA\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 17:44 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-23 23:14 . 2013-02-23 23:36 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Anvil Studio
2013-02-23 23:03 . 2013-02-23 23:03 -------- d-----w- c:\program files\Anvil Studio 2012
2013-02-23 03:50 . 2013-02-23 03:50 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\attcm_AppStart
2013-02-22 23:50 . 2013-02-22 23:50 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-20 22:22 . 2013-02-20 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2013-02-20 22:20 . 2013-02-26 05:06 -------- d-----w- c:\documents and settings\FREDA\Application Data\LavasoftStatistics
2013-02-20 21:58 . 2013-02-20 21:58 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\adawarebp
2013-02-20 21:58 . 2013-02-26 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-02-20 21:57 . 2013-02-20 21:57 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-20 21:57 . 2013-02-26 05:06 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-02-20 21:55 . 2013-02-20 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-02-20 21:52 . 2013-02-20 21:52 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-20 21:52 . 2013-02-20 21:52 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-20 21:52 . 2013-02-21 22:45 -------- d-----w- c:\documents and settings\FREDA\Application Data\Ad-Aware Antivirus
2013-02-20 19:21 . 2013-02-20 19:21 120 ----a-w- C:\aaw7boot.cmd
2013-02-15 19:43 . 2013-02-15 19:43 -------- d-----w- c:\windows\system32\{userdocs}
2013-02-14 15:03 . 2013-02-14 15:03 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Sun
2013-02-10 21:44 . 2013-02-10 21:44 -------- d-----w- c:\program files\Common Files\Java
2013-02-10 21:44 . 2013-02-10 21:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 22:17 . 2013-02-08 22:17 -------- dc-h--w- c:\windows\ie8
2013-02-08 22:03 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-08 13:58 . 2013-02-08 13:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-07 23:11 . 2013-02-07 23:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-02-07 20:20 . 2013-02-07 20:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-02-07 20:18 . 2013-02-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2013-01-31 02:52 . 2013-01-31 02:52 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-01-31 02:52 . 2013-01-31 02:52 773968 ----a-w- c:\windows\system32\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 21:43 . 2012-07-23 18:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-10 21:43 . 2012-07-23 18:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-10 21:43 . 2010-05-12 11:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-10 03:48 . 2012-06-09 15:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:48 . 2011-05-26 23:52 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 16:06 . 2013-01-20 17:49 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-12-18 16:06 . 2012-12-18 16:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 16:06 . 2012-12-18 16:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 16:06 . 2012-12-18 16:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 16:06 . 2012-12-18 16:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-12-18 16:06 . 2012-12-18 16:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-12-18 16:06 . 2012-12-18 16:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-12-18 16:06 . 2012-12-18 16:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-12-18 16:06 . 2012-12-18 16:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-12-18 16:06 . 2012-12-18 16:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-12-18 16:06 . 2012-12-18 16:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-12-18 16:06 . 2012-12-18 16:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-12-18 16:06 . 2012-12-18 16:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-12-18 16:06 . 2012-12-18 16:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-12-18 16:06 . 2012-12-18 16:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-12-18 16:06 . 2012-12-18 16:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-12-18 16:06 . 2012-12-18 16:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-12-18 16:06 . 2013-01-20 17:49 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-12-18 16:06 . 2013-01-20 17:49 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-12-18 16:06 . 2013-01-20 17:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2008-08-16 22:42 . 2013-02-05 23:07 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2013-02-05 23:07 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2013-02-05 23:07 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2013-02-05 23:07 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2013-02-05 23:07 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2013-02-05 23:07 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2013-02-05 23:07 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2013-02-05 23:07 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2013-02-05 23:07 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2013-02-05 23:07 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2013-02-05 23:08 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2013-02-05 23:08 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-02-05 23:08 . 2013-02-05 23:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2012-12-18 219688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-31 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-01 04:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^EzWare EzDesk.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\EzWare EzDesk.lnk
backup=c:\windows\pss\EzWare EzDesk.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HughesNet Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 -c--a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-21 00:44 1476104 ----a-w- c:\program files\SAMSUNG\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-21 00:44 310280 ----a-w- c:\program files\SAMSUNG\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 01:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1Ws_ftp\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kompozer\\KompoZer 0.7.10\\kompozer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2/20/2013 3:52 PM 13560]
R2 AdminHelper.exe;AdminHelper.exe;c:\program files\AT&T\AT&T Communication Manager\AdminHelper.exe [12/18/2012 10:06 AM 56360]
R2 IERA;Sierra Wireless Error Reporting Agent;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [10/19/2011 3:40 PM 167280]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [6/24/2011 12:10 PM 238960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [12/25/2010 2:13 PM 4497704]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2010 2:14 PM 113448]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [10/19/2011 3:41 PM 215552]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [10/19/2011 3:41 PM 83968]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [10/19/2011 3:41 PM 209536]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/20/2013 11:52 AM 83168]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/29/2009 10:01 AM 11264]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/20/2013 11:52 AM 181344]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 03:48]
.
2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-02-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: friendsofjamesrogers.com\www
Trusted Zone: onlyimaginegraphics.com\www
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - ExtSQL: 2013-02-20 15:57; [email protected]; c:\documents and settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-12-03 07:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-HughesNetTools_McciTrayApp - c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796266127-4252608427-1798623780-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-02-26 19:18:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-27 01:18
.
Pre-Run: 310,066,184,192 bytes free
Post-Run: 310,096,912,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4CF0811554BDC8FE8310E577C2D6EDD0