Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ad ware, weather alerts, redirections, survey pop ups


  • Please log in to reply

#1
kolchak

kolchak

    Member

  • Member
  • PipPip
  • 38 posts
Hi
I apologize in advance for not being more descriptive about my specific issues but I'm not very IT astute - as evidenced by the number of viruses on my computer.
I have a Dell desk top running XP professional that was recently purchased from my employer when we upgraded some work stations. I believe the only anti virus on the machine is the free version of AVG.

With in a couple weeks of surfing the ad ware, weather alerts began and then my browser was redirected every time I opened a google search page, clicked into a dialogue box, clicked next on a web page, etc. When reading blog sites like pro football talk, the blog titles are covered by flashing boxes with warnings about the computer being ready to crash, winning prizes, etc.
There is an ad at the bottom of this page saying I need to update my version of media player. Under the box it says "Ads by ReMarkable" on the bottom left and "Ad Options" on bottom right.

I probably caught these viruses from surfing "R" (or worse) rated websites. That being said, If someone wants to discuss a project to develop a "cyber condom" to specifically protect users who occasionally view naughty websites I'd consider funding it! :)

If possible please couch any answer in layman's terms. Just let me know if there is a more appropriate place low I.T. I.Q. people should start.

thank you very much!
BTW - I may only have time to check replies once per day

Kolchak

TL logfile created on: 1/14/2014 10:03:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 73.93% Memory free
5.33 Gb Paging File | 4.27 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 64.85 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: USER-A558C5C1C2 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/14 10:03:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2014/01/06 23:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/11/13 17:31:02 | 000,546,304 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe
PRC - [2013/11/13 10:37:44 | 000,166,072 | ---- | M] (Local Weather LLC) -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe
PRC - [2013/10/29 21:18:56 | 000,439,296 | ---- | M] () -- C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/06 23:05:53 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/06 23:05:52 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll
MOD - [2014/01/06 23:05:49 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/06 23:04:42 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2013/12/20 09:26:52 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/12/20 09:25:14 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/12/20 09:25:05 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013/12/20 08:14:38 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/12/20 08:14:31 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/12/20 08:14:10 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/12/20 08:13:45 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013/12/20 08:08:55 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/12/20 08:08:44 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/12/19 11:36:19 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/11/13 17:31:02 | 000,546,304 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe
MOD - [2013/10/29 21:18:56 | 000,439,296 | ---- | M] () -- C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/24 22:52:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2005/11/23 15:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6FE047BA-6173-47FF-8487-CC584EF3BC3D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...9D78F7DE5&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.co...1I7PRFB_enUS472
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/12/18 21:56:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2013/12/18 21:54:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/22 08:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/02/20 15:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 22:51:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/20 15:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/20 15:25:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Re-Markable = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja\1.150_0\
CHR - Extension: Pin It Button = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.2_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.8_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk = C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1324561251747 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1324561283841 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F0DCAF-F42A-49BA-9883-D4B3C5C3AFAE}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 17:40:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable
[2014/01/12 09:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fast Media Converter
[2014/01/12 09:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FastMediaConverter
[2014/01/12 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\FastMediaConverter
[2013/12/28 08:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search
[2013/12/24 22:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[2013/12/24 21:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/12/22 09:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/12/20 09:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2013/12/20 09:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2013/12/20 09:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/12/20 09:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/20 09:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/20 09:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/12/20 09:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/20 09:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2013/12/20 09:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/12/20 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/12/20 09:18:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/12/20 09:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/20 09:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/20 09:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/12/20 09:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Local_Weather_LLC
[2013/12/20 09:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Weather Alerts
[2013/12/20 09:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts
[2013/12/20 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/12/20 09:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
[2013/12/19 11:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/12/18 21:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/12/18 21:54:32 | 000,245,248 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2013/12/18 21:54:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/14 10:01:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/14 09:57:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/14 09:57:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 09:57:27 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/14 09:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 09:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/14 08:33:16 | 148,716,588 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2014/01/12 09:07:29 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk
[2014/01/12 09:06:52 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk
[2014/01/10 17:45:08 | 000,079,281 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2014/01/07 23:10:42 | 000,022,204 | ---- | M] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/07 21:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/07 19:58:52 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/03 10:15:16 | 000,022,948 | ---- | M] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | M] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[2013/12/26 23:10:19 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2013/12/26 23:08:07 | 000,026,900 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[2013/12/22 09:59:36 | 153,935,872 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/12/21 08:08:13 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/20 09:20:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/12/20 09:14:20 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk
[2013/12/20 09:14:11 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2013/12/20 09:09:07 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2013/12/20 08:09:21 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/20 08:08:04 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/19 11:36:34 | 000,462,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/19 11:36:34 | 000,078,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/19 11:34:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/19 11:16:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/19 11:16:00 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2013/12/18 21:56:15 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 09:07:50 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/12 09:07:29 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk
[2014/01/12 09:06:51 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk
[2014/01/07 23:10:42 | 000,022,204 | ---- | C] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/03 10:15:15 | 000,022,948 | ---- | C] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[2013/12/26 23:08:07 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[2013/12/20 09:20:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/12/20 09:19:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/20 09:19:05 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/12/20 09:14:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk
[2013/12/20 09:14:11 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2013/12/20 09:09:07 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2013/12/19 11:16:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/12/19 11:16:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2013/12/19 11:13:59 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/20 15:14:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2011/12/22 09:03:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/14 10:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/24 23:05:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/12/18 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/24 23:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2014/01/12 09:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FastMediaConverter
[2011/12/24 22:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2011/12/22 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2013/12/28 08:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hello Kolchak :welcome:


My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.

~~~~~//~~~~

I need some time to revise your log in the meantime can you please post the Extras.txt log OTL created on C:\Documents and Settings\User\My Documents\Downloads?
Also I would like you to move the OTL.exe located on the same folder to the Desktop. Thanks.
  • 0

#3
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Sleepy Dude
thank you for the help & I'll do my best to follow your directions.
Below is pasted the Extras.txt log
Not sure if I moved the OTL.exe file to the desktop correctly - did a right click, send to, desktop (create shortcut). Is that sufficient?


One thing I should mention - when I turned on my machince this morning micro-soft security had updated and asked if I wanted to use a firewall. I agreed to the recommended action & hopefully haven't made the problem worse.

thank you again & I look forward to this learning process



OTL Extras logfile created on: 1/14/2014 10:03:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 73.93% Memory free
5.33 Gb Paging File | 4.27 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 64.85 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: USER-A558C5C1C2 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47C7443E-25EA-4D0D-BCAB-A600E02E454B}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C5FB822B-2EED-44F2-B38F-5C7DD1FC5EB0}" = AVG 2012
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FastMediaConverter" = FastMediaConverter
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SearchProtect" = Search Protect
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DesktopWeatherAlerts" = DesktopWeatherAlerts

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2013 7:58:56 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/27/2013 7:58:56 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26218797

Error - 12/27/2013 7:58:56 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26218797

Error - 12/30/2013 1:52:29 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 1:52:29 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2094

Error - 12/30/2013 1:52:29 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2094

Error - 12/30/2013 9:02:30 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2013 9:02:30 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25802329

Error - 12/30/2013 9:02:30 AM | Computer Name = USER-A558C5C1C2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25802329

Error - 1/5/2014 2:59:29 AM | Computer Name = USER-A558C5C1C2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/14/2014 9:48:05 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:06 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:07 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:08 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:09 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:10 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:11 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:12 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 9:48:13 AM | Computer Name = USER-A558C5C1C2 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/14/2014 10:57:10 AM | Computer Name = USER-A558C5C1C2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >
  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hi Kolchak,

Not sure if I moved the OTL.exe file to the desktop correctly - did a right click, send to, desktop (create shortcut). Is that sufficient?

Sorry is not enough, you have to drag the file to the Desktop

Now before start working in your malware problem, we need to deal with some Hard Disk problem identified in your log.

ATTENTION: Before executing the steps bellow please copy all the files you can't *really* lose to an external drive, another computer, DVD disk, etc.


Step 1 - Run a Disk Check

  • open the Command Prompt, click Start > Run
  • on the Run Window type cmd and press Enter
  • on the Command Prompt (black window) type the following, and press Enter:
    chkdsk /R /X C:
    
    Note: When it ask if you want to checked the volume next time the system restarts answer Yes
  • restart the computer

Step 2 - Retrieve the Disk Check log

  • download ListChkdskResult and save it to the Desktop
  • double clicking the file to execute the program and accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

Step 3 - Uninstall AVG 2012

Your log show that you have two Antivirus programs installed, AVG 2012 and Microsoft Security Essentials!

Contrary to what some people think, having more than one antivirus program doesn't give you more protection. With several Real-Time protections active the computer becomes slower accessing files and could crash due to resource conflicting, also you could get False Alarms when one AV starts identifying as virus the files from the other antivirus program.

Because AVG 2012 is an older version of the program I would like you to uninstall the program:

» Remove AVG 2012
Click Start Menu > Settings > Control Panel, open the applet called Add or Remove Programs, locate AVG 2012 on the list, select the Entry and click the Change/Remove button to uninstall the program.

» Remove all AVG traces
  • Visit the AVG page and download AVG Remover(32bit) 2012 (avg_remover_stf_x86_2012_2125.exe) to the Desktop
  • Execute the file avg_remover_stf_x86_2012_2125.exe and follow the on-screen instructions.
  • Restart the computer even if the tool does not prompt you to do so
  • After restart you can delete the file avg_remover_stf_x86_2012_2125.exe from the Desktop


Things I would like to see in your next reply:
  • The ListChkdskResult.txt file
  • Any problem removing AVG 2012?

  • 0

#5
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OK, I've moved the file to the desk top and uninstalled the AVG program. I'll let you know as soon as I run the disk check and down load the AVG remover.
thanks again!
  • 0

#6
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
here are the chkdsk results. not sure AVG is actually gone after deleting program and running the removal tool


istChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 1/18/2014 10:15:30 AM >------
Category: 0
Computer Name: USER-A558C5C1C2
Event Code: 1001
Record Number: 593
Source Name: Winlogon
Time Written: 01-15-2014 @ 18:21:14
Event Type: information
User:
Message: Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x140ca for possibly 0xe clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x140ca for possibly 0xe clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x3c5d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 15453.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x3af09b for possibly 0x20 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x3af09b for possibly 0x20 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x5dd9 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 24025.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3aece7 for possibly 0x2f clusters.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3aece7 for possibly 0x2f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0xcac2 is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0xcac2
has allocated length of 0x8df5000 instead of 0x6ed0000.
Deleted corrupt attribute list entry
with type code 128 in file 51906.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4900000000cc21. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52257.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x2500000000cc22. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52258.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x2200000000cc32. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52274.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000000cc33. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52275.
Unable to locate the file name attribute of index entry 1FE5.tmp
of index $I30 with parent 0x2fb1 in file 0x7486.
Deleting index entry 1FE5.tmp in index $I30 of file 12209.
The file reference 0x84000000003c5d of index entry Local State of index $I30
with parent 0x2fb1 is not the same as 0x85000000003c5d.
Deleting index entry Local State in index $I30 of file 12209.
The file reference 0x84000000003c5d of index entry LOCALS~1 of index $I30
with parent 0x2fb1 is not the same as 0x85000000003c5d.
Deleting index entry LOCALS~1 in index $I30 of file 12209.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file 1FE6.tmp (15453) into directory file 12209.
Recovering orphaned file LOCALS~1 (29830) into directory file 12209.
Recovering orphaned file Local State (29830) into directory file 12209.
Cleaning up 676 unused index entries from index $SII of file 0x9.
Cleaning up 676 unused index entries from index $SDH of file 0x9.
Cleaning up 676 unused security descriptors.
Inserting data attribute into file 15453.
Inserting data attribute into file 24025.
Inserting data attribute into file 51906.
CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0x125b2d58 in file 0x4748
should be filled with zeros.
The USN value 0x10033000 of USN Journal entry at offset 0x125b3000
in file 0x4748 is incorrect.
Repairing Usn Journal file record segment.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

78116028 KB total disk space.
10126088 KB in 47743 files.
17884 KB in 5301 indexes.
0 KB in bad sectors.
159760 KB in use by the system.
65536 KB occupied by the log file.
67812296 KB available on disk.

4096 bytes in each allocation unit.
19529007 total allocation units on disk.
16953074 allocation units available on disk.

Internal Info:
00 d3 00 00 42 cf 00 00 2f 45 01 00 00 00 00 00 ....B.../E......
c6 0d 00 00 02 00 00 00 57 06 00 00 00 00 00 00 ........W.......
86 95 03 04 00 00 00 00 32 d2 91 2d 00 00 00 00 ........2..-....
06 86 fe 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 62 e9 f3 42 00 00 00 00 ........b..B....
d0 09 44 be 00 00 00 00 90 38 07 00 7f ba 00 00 ..D......8......
00 00 00 00 00 20 0c 6a 02 00 00 00 b5 14 00 00 ..... .j........

Windows has finished checking your disk.
Please wait while your computer restarts.


-----------------------------------------------------------------------
  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hi,

Thank You for the logs.

here are the chkdsk results. not sure AVG is actually gone after deleting program and running the removal tool

I will provide instructions to run another OTL scan that will show us if all AVG traces are gone.

Your initial log's show some errors related to the Hard Disk, the check disk log doesn't show the results I was expecting (that is good) but I want to make sure all the errors are gone before moving on. Let's repeat the first two steps but with a little difference...


Step 1 - Run a Disk Check

  • open the Command Prompt, click Start > Run
  • on the Run Window type cmd and press Enter
  • on the Command Prompt (black window) type the following, and press Enter:
    chkdsk /F /X C:
    
    Note: When it ask if you want to checked the volume next time the system restarts answer Yes
  • restart the computer

Step 2 - Retrieve the Disk Check log

  • double click ListChkdskResult to execute the program again, accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

Step 3 - Custom OTL Scan

  • Double-click OTL Icon Posted Image on the Desktop to start the program. Make sure all other windows are closed.
    Posted Image
  • Do not change any other settings and tick only the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the Posted Image box paste this:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Let the program run uninterrupted, the scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.


Things I would like to see in your next reply:
  • The ListChkdskResult.txt file
  • The new OTL log

  • 0

#8
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
thanks Sleepy Dude - sorry for delay but I didn't see an email notifying me of this new message. I'll do this by tomorrow.
  • 0

#9
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi
here is the listchckdskreport. Not sure if this is the previous one or a new one because double clicking the desktop icon only opens this report and I don't see an option to run a new report.


ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 1/18/2014 10:15:30 AM >------
Category: 0
Computer Name: USER-A558C5C1C2
Event Code: 1001
Record Number: 593
Source Name: Winlogon
Time Written: 01-15-2014 @ 18:21:14
Event Type: information
User:
Message: Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x140ca for possibly 0xe clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x140ca for possibly 0xe clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x3c5d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 15453.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x3af09b for possibly 0x20 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x3af09b for possibly 0x20 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x5dd9 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 24025.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3aece7 for possibly 0x2f clusters.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3aece7 for possibly 0x2f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0xcac2 is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0xcac2
has allocated length of 0x8df5000 instead of 0x6ed0000.
Deleted corrupt attribute list entry
with type code 128 in file 51906.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4900000000cc21. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52257.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x2500000000cc22. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52258.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x2200000000cc32. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52274.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000000cc33. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 52275.
Unable to locate the file name attribute of index entry 1FE5.tmp
of index $I30 with parent 0x2fb1 in file 0x7486.
Deleting index entry 1FE5.tmp in index $I30 of file 12209.
The file reference 0x84000000003c5d of index entry Local State of index $I30
with parent 0x2fb1 is not the same as 0x85000000003c5d.
Deleting index entry Local State in index $I30 of file 12209.
The file reference 0x84000000003c5d of index entry LOCALS~1 of index $I30
with parent 0x2fb1 is not the same as 0x85000000003c5d.
Deleting index entry LOCALS~1 in index $I30 of file 12209.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file 1FE6.tmp (15453) into directory file 12209.
Recovering orphaned file LOCALS~1 (29830) into directory file 12209.
Recovering orphaned file Local State (29830) into directory file 12209.
Cleaning up 676 unused index entries from index $SII of file 0x9.
Cleaning up 676 unused index entries from index $SDH of file 0x9.
Cleaning up 676 unused security descriptors.
Inserting data attribute into file 15453.
Inserting data attribute into file 24025.
Inserting data attribute into file 51906.
CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0x125b2d58 in file 0x4748
should be filled with zeros.
The USN value 0x10033000 of USN Journal entry at offset 0x125b3000
in file 0x4748 is incorrect.
Repairing Usn Journal file record segment.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

78116028 KB total disk space.
10126088 KB in 47743 files.
17884 KB in 5301 indexes.
0 KB in bad sectors.
159760 KB in use by the system.
65536 KB occupied by the log file.
67812296 KB available on disk.

4096 bytes in each allocation unit.
19529007 total allocation units on disk.
16953074 allocation units available on disk.

Internal Info:
00 d3 00 00 42 cf 00 00 2f 45 01 00 00 00 00 00 ....B.../E......
c6 0d 00 00 02 00 00 00 57 06 00 00 00 00 00 00 ........W.......
86 95 03 04 00 00 00 00 32 d2 91 2d 00 00 00 00 ........2..-....
06 86 fe 06 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 62 e9 f3 42 00 00 00 00 ........b..B....
d0 09 44 be 00 00 00 00 90 38 07 00 7f ba 00 00 ..D......8......
00 00 00 00 00 20 0c 6a 02 00 00 00 b5 14 00 00 ..... .j........

Windows has finished checking your disk.
Please wait while your computer restarts.


-----------------------------------------------------------------------
7

here is the contents of the notepad from the OTL.Txt scan -

OTL logfile created on: 1/24/2014 8:34:27 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 63.76% Memory free
5.33 Gb Paging File | 4.14 Gb Available in Paging File | 77.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 63.91 Gb Free Space | 85.78% Space Free | Partition Type: NTFS

Computer Name: USER-A558C5C1C2 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/14 10:03:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/01/11 05:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/01 03:38:24 | 004,333,856 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/01/01 03:38:24 | 002,911,520 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/01/01 03:38:24 | 002,301,216 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/11/13 10:37:44 | 000,166,072 | ---- | M] (Local Weather LLC) -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 05:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 05:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 05:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 05:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/20 09:25:14 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/12/20 08:17:13 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/12/20 08:17:12 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/12/20 08:14:38 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/12/20 08:14:31 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/12/20 08:14:10 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/12/20 08:08:55 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/12/20 08:08:44 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/24 22:52:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2014/01/01 03:38:24 | 002,301,216 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2005/11/23 15:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6FE047BA-6173-47FF-8487-CC584EF3BC3D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...9D78F7DE5&SSPV=
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.co...1I7PRFB_enUS472
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/12/18 21:56:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2014/01/21 12:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2014/01/21 12:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/22 08:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/02/20 15:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 22:51:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/20 15:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/20 15:25:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Re-Markable = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja\1.150_0\
CHR - Extension: Pin It Button = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.2_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.8_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!BingBar] C:\Program Files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk = C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1324561251747 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1324561283841 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F0DCAF-F42A-49BA-9883-D4B3C5C3AFAE}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 17:40:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/21 12:16:11 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2014/01/21 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/01/21 12:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2014/01/21 12:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2014/01/21 12:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/01/21 12:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2014/01/21 12:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HpUpdate
[2014/01/21 12:10:53 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2014/01/21 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2014/01/21 12:10:20 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2014/01/21 12:10:05 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2014/01/21 12:10:05 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2014/01/21 12:10:05 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2014/01/21 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2014/01/21 12:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\HP
[2014/01/21 09:37:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/01/20 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2014/01/20 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/01/18 00:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2014/01/17 09:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2014/01/16 07:50:06 | 000,000,000 | ---D | C] -- C:\ddd729003ddef661cfb0b8ca7db6
[2014/01/14 10:02:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/12 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable
[2014/01/12 09:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fast Media Converter
[2014/01/12 09:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FastMediaConverter
[2014/01/12 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\FastMediaConverter
[2014/01/05 09:39:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2014/01/05 09:39:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2013/12/28 08:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/24 08:27:35 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk
[2014/01/24 07:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/23 21:57:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/23 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/01/23 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/01/23 12:13:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/01/23 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/23 08:57:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/22 10:10:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/22 09:55:45 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/22 09:45:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/21 21:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/21 12:34:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SSID
[2014/01/21 12:10:52 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2014/01/21 09:23:44 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Continue OnlineMediaPlayer Installation.lnk
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/18 12:09:24 | 000,019,716 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/01/17 08:09:44 | 148,934,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2014/01/16 19:00:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/16 09:04:44 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2014/01/15 18:12:39 | 000,098,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2014/01/14 10:03:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/12 09:07:29 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk
[2014/01/12 09:06:52 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk
[2014/01/07 23:10:42 | 000,022,204 | ---- | M] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/03 10:15:16 | 000,022,948 | ---- | M] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | M] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[2013/12/26 23:08:07 | 000,026,900 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/21 12:15:22 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/01/21 12:11:47 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/01/21 12:10:52 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2014/01/21 09:23:44 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Continue OnlineMediaPlayer Installation.lnk
[2014/01/21 09:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SSID
[2014/01/18 12:09:24 | 000,019,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/01/16 08:48:11 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk
[2014/01/16 08:03:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/16 07:53:15 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/12 09:07:50 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/12 09:07:29 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk
[2014/01/12 09:06:51 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk
[2014/01/07 23:10:42 | 000,022,204 | ---- | C] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/03 10:15:15 | 000,022,948 | ---- | C] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[2013/12/26 23:08:07 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[2012/02/20 15:14:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2011/12/22 09:03:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/18 00:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/24 23:05:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/17 10:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/12/18 21:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2014/01/18 00:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2014/01/12 09:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FastMediaConverter
[2011/12/24 22:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2014/01/17 09:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2011/12/22 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2013/12/28 08:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 02:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 02:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 02:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 02:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 02:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 02:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 00:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 02:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 02:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 02:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 02:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 02:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 02:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 02:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 02:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 02:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 02:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 02:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 02:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 02:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 02:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 02:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 02:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 02:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 02:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 02:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 02:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 02:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2008/04/14 02:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/01/03 08:10:44 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 02:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/12/21 17:40:31 | 000,001,602 | ---- | M] () MD5=AC17C5B4BFD5E99945C52BE3557D743F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 02:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is D484-451D
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
12/19/2013 11:36 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
12/19/2013 11:36 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 68,575,137,792 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 445890 bytes -> C:\WINDOWS\System32\SSID:Q7U82

< End of report >
  • 0

#10
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hi Kolchak,

Thanks for the logs, time to start working on your computer problem and we need to take care of AVG because it's not gone...


Step 1 - Uninstall some Programs

Please open Start > Control Panel > then Add or Remove Programs, locate these programs on the list and uninstall them:
  • AVG 2012
  • Java™ 6 Update 22 (Outdated and vulnerable)
  • Java™ 6 Update 31 (Outdated and vulnerable)
  • FastMediaConverter
  • Search Protect
  • DesktopWeatherAlerts
Notes:
- Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.
- After the programs have been uninstalled Reboot the computer. If requested by the uninstallers reboot the computer between uninstalls.

Step 2 - Remove AVG 2012 Completely
  • Visit the AVG page and download AVG Remover(32bit) 2012 (avg_remover_stf_x86_2012_2125.exe) to the Desktop
  • Execute the file avg_remover_stf_x86_2012_2125.exe and follow the on-screen instructions.
  • Restart the computer even if the tool does not prompt you to do so
  • After restart you can delete the file avg_remover_stf_x86_2012_2125.exe from the Desktop

Step 3 - Custom OTL Scan

  • Double-click OTL Icon Posted Image on the Desktop to start the program. Make sure all other windows are closed.
    Posted Image
  • Do not change any other settings and tick only the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the Posted Image box paste this:
    netsvcs
    BASESERVICES
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Let the program run uninterrupted, the scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.


Things I would like to see in your next reply:
  • The new OTL log

  • 0

Advertisements


#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
admin

admin

    Founder Geek

  • Administrator
  • 24,540 posts
Topic re-opened at starters request:

I had a thread going and it was closed due to inactivity.
I was out of town and hoping it can be reopened?


OTL logfile created on: 1/30/2014 10:11:11 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.49 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 71.53% Memory free
5.33 Gb Paging File | 4.48 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 63.94 Gb Free Space | 85.82% Space Free | Partition Type: NTFS
 
Computer Name: USER-A558C5C1C2 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/01/23 00:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/14 10:03:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/01/23 00:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/23 00:56:59 | 013,615,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
MOD - [2014/01/23 00:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/23 00:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2013/12/20 08:17:13 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/12/20 08:17:12 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/24 22:52:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
DRV - [2005/11/23 15:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {6FE047BA-6173-47FF-8487-CC584EF3BC3D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC671CEF9-9BD9-4A17-A25A-8849D78F7DE5&SSPV=
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC671CEF9-9BD9-4A17-A25A-8849D78F7DE5&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{6FE047BA-6173-47FF-8487-CC584EF3BC3D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS472
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2014/01/21 12:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/12/22 08:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/01/29 22:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Re-Markable = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja\1.150_0\
CHR - Extension: Pin It Button = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1324561251747 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1324561283841 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F0DCAF-F42A-49BA-9883-D4B3C5C3AFAE}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 17:40:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/01/29 22:16:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/01/21 12:16:11 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2014/01/21 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/01/21 12:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2014/01/21 12:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/01/21 12:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HpUpdate
[2014/01/21 12:10:53 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2014/01/21 12:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2014/01/21 12:10:20 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2014/01/21 12:10:05 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2014/01/21 12:10:05 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2014/01/21 12:10:05 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2014/01/21 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2014/01/21 12:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\HP
[2014/01/21 09:37:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/01/20 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2014/01/20 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/01/17 09:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2014/01/16 07:50:06 | 000,000,000 | ---D | C] -- C:\ddd729003ddef661cfb0b8ca7db6
[2014/01/14 10:02:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/12 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable
[2014/01/05 09:39:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2014/01/05 09:39:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/01/30 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/30 09:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/30 08:57:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/29 22:34:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/29 22:24:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/29 22:24:20 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 22:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/29 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/01/29 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/01/29 12:13:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/01/28 22:00:28 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/28 21:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/24 08:27:35 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk
[2014/01/21 12:34:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SSID
[2014/01/21 12:10:52 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2014/01/21 09:23:44 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Continue OnlineMediaPlayer Installation.lnk
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/18 12:09:24 | 000,019,716 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/01/14 10:03:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/07 23:10:42 | 000,022,204 | ---- | M] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/03 10:15:16 | 000,022,948 | ---- | M] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | M] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/01/21 12:15:22 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/01/21 12:13:55 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/01/21 12:11:47 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/01/21 12:10:52 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2014/01/21 12:10:52 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2014/01/21 09:23:44 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Continue OnlineMediaPlayer Installation.lnk
[2014/01/21 09:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SSID
[2014/01/18 12:09:24 | 000,019,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/01/16 08:48:11 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk
[2014/01/16 08:03:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/16 07:53:15 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/12 09:07:50 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\Re-Markable Update.job
[2014/01/07 23:10:42 | 000,022,204 | ---- | C] () -- C:\Documents and Settings\User\My Documents\tinder long bio.odt
[2014/01/03 10:15:15 | 000,022,948 | ---- | C] () -- C:\Documents and Settings\User\Desktop\97.odt
[2014/01/03 10:15:15 | 000,000,145 | -H-- | C] () -- C:\Documents and Settings\User\Desktop\.~lock.97.odt#
[2013/12/26 23:08:07 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[2012/02/20 15:14:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2011/12/22 09:03:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013/12/20 09:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/12/24 23:05:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/12/18 21:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2011/12/24 22:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2014/01/17 09:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2011/12/22 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2013/12/28 08:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Base Services ==========[/color]
SRV - [2008/04/14 02:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 02:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 02:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 02:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 02:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 02:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 00:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 02:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 02:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 02:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 02:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 02:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 02:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 02:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 02:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 02:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 02:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 02:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 02:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 02:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 02:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 02:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 02:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 02:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 02:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 02:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 02:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 02:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 445890 bytes -> C:\WINDOWS\System32\SSID:Q7U82

< End of report >

  • 0

#13
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hi,

@Blair: Thanks for reopening the topic.

@Kolchak: I'm checking your log and I will post back shortly.

Edited by SleepyDude, 30 January 2014 - 03:09 PM.

  • 0

#14
kolchak

kolchak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
thanks again !
  • 0

#15
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts
Hi Kolchak,

AVG is finally gone :) Good job :thumbsup:

Let's continue removing the malware...


Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Double click on the OTL icon Posted Image to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Posted Image box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
    IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...9D78F7DE5&SSPV=
    IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKU\S-1-5-21-1220945662-562591055-1417001333-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...9D78F7DE5&SSPV=
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    [2011/12/24 22:51:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2012/02/20 15:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/02/20 15:25:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - Extension: Re-Markable = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejdfidgapfiokiphmcjpmmjbdndepoja\1.150_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk = C:\Program Files\FastMediaConverter\FastMediaConverterApp.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
    [2014/01/12 09:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Re-Markable
    [2014/01/12 09:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fast Media Converter
    [2014/01/12 09:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FastMediaConverter
    [2014/01/12 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\FastMediaConverter
    [2013/12/24 22:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
    [2013/12/20 09:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Local_Weather_LLC
    [2013/12/20 09:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Weather Alerts
    [2013/12/20 09:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts
    [2013/12/20 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/12/20 09:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
    [2014/01/14 10:01:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2014/01/14 09:57:27 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Re-Markable Update.job
    [2014/01/12 09:07:29 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fast Media Converter.lnk
    [2014/01/12 09:06:52 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FastMediaConverter.lnk
    [2013/12/20 09:14:20 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Weather Alerts.lnk
    [2013/12/20 09:14:11 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
    [2014/01/24 08:27:35 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to OTL.exe.lnk
    
    
    :Files
    C:\Program Files\Java\jre6
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • click the Posted Image button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Step 2 - Malwarebytes Scan

Download Malwarebytes' Anti-Malware (MBAM)
  • execute mbam-setup and follow the prompts to install the program
  • on the last step of installation adjust the check box's according to the image:
    Posted Image
  • click Finish
  • let the program update the definitions and then it will load
  • close all the other running programs, specially the Web browser
  • select the option Perform quick scan and click the Scan button
  • when the scan finish and some malware has found click the Show Results button to view the results
  • click the Save Log button, save the log to the Desktop
  • Notepad with open with the log (mbam-log-date (time).txt), please Copy & Paste the contents into your next reply
  • for now click Exit to close the program


Step 3 - Scan with AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
    Posted Image
  • Click the Scan button and wait for the program to finish.
  • For now click the Report button, Notepad will open please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt


Things I would like to see in your next reply:
  • The OTL Fix log
  • The MBAM log
  • AdwCleaner log AdwCleaner[R0].txt

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP