Malware info from NotePad. I need help. [Solved]
Started by
itsmesunny
, Jun 13 2014 12:54 PM
This topic is locked
#181
Posted 05 July 2014 - 10:29 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
#182
Posted 05 July 2014 - 10:31 AM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
all seems well. still slow loading @ startup.
Edited by itsmesunny, 05 July 2014 - 10:49 AM.
#183
Posted 05 July 2014 - 10:32 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK as you still have OTL we will use that to look at the start up programmes and see if we can whittle them down 
Run OTL and press quickscan
Then post the log here
Run OTL and press quickscan
Then post the log here
#184
Posted 05 July 2014 - 10:52 AM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
Check?
Scan All Users
LOP
Purity
#186
Posted 05 July 2014 - 12:01 PM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
Ok. Here ya go:
OTL logfile created on: 7/5/2014 1:41:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 590.38 Mb Available Physical Memory | 57.71% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 42.90 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 37.12 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: USER-R6PHPMKAQL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/02 10:37:38 | 000,262,720 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\7XLWQYXC.MCM\L5M53QYG.O88\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
PRC - [2014/07/01 11:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/06/30 15:28:01 | 000,320,104 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_bg.exe
PRC - [2014/06/30 15:28:01 | 000,107,624 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_svc.exe
PRC - [2014/06/26 16:40:37 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/26 16:33:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/07 15:00:32 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/23 18:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/05 11:30:28 | 002,789,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14070500\algo.dll
MOD - [2014/06/26 16:33:57 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/06/06 14:09:13 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/06/05 14:52:00 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/06/05 14:11:36 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/06/05 14:11:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/06/05 14:07:09 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/06/05 14:06:53 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- mbamscheduler.exe -- (MBAMScheduler)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/30 15:28:01 | 000,107,624 | ---- | M] (RaMMicHaeL) [Auto | Running] -- C:\Program Files\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2014/06/26 17:50:01 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/26 16:33:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/06/23 20:22:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/07 15:00:32 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\jl2005c.sys -- (JL2005C)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/07/05 13:39:30 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/06/26 16:40:07 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/06/26 16:40:06 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/06/26 16:40:06 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/06/26 16:34:01 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/06/26 16:34:01 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/06/26 16:34:00 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/06/26 16:34:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/06/26 16:34:00 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2009/07/28 15:50:46 | 000,605,832 | ---- | M] (Eugene Gavrilov) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kx.sys -- (kxwdmdrv)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/10 17:33:22 | 000,009,597 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bpusbflt.sys -- (bpusbflt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{0F9300E4-163F-414C-B564-952DB51C48EA}: "URL" = https://startpage.co...anguage=english
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.startpage.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:10.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/05 11:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/06/05 15:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/07/05 11:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions
[2014/06/13 17:01:50 | 000,166,573 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\extensions\[email protected]
[2014/07/05 11:32:23 | 000,009,419 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\searchplugins\yahoo-avast.xml
[2014/06/07 20:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/23 20:23:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/05 11:25:35 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/22 13:52:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
========== Chrome ==========
CHR - default_search_provider: Trovi search (Enabled)
CHR - default_search_provider: search_url = http://www.trovi.com...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.secci...={searchTerms},
CHR - homepage: http://www.trovi.com...13714DE1F&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/07/05 13:38:29 | 000,001,130 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 10 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3548\kxmixer.exe (Eugene Gavrilov)
O4 - HKU\S-1-5-21-602162358-1275210071-725345543-1004..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\7XLWQYXC.MCM\L5M53QYG.O88\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-602162358-1275210071-725345543-1004..\Run: [f.lux] C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKU\S-1-5-21-602162358-1275210071-725345543-1004..\Run: [SlimDrivers] C:\Program Files\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\New Folder [2013/03/26 17:31:22 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1361498489609 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.5.171.1 207.5.171.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{634B396E-E712-4557-A5CD-7BD60338E14C}: DhcpNameServer = 207.5.171.1 207.5.171.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 09:13:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/05 13:39:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/07/05 11:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2014/07/05 11:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2014/07/05 11:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky
[2014/07/05 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Unchecky
[2014/07/05 11:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\kX Audio Driver
[2014/07/05 11:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\kX Audio Driver
[2014/07/05 11:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\kX Audio Driver
[2014/07/05 11:17:05 | 000,000,000 | ---D | C] -- C:\New Folder
[2014/07/05 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
[2014/07/05 09:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/07/05 08:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\WinZip
[2014/07/05 08:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Driver Updater
[2014/07/05 07:32:08 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/04 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Unchecky(2)
[2014/07/04 21:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/07/04 21:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar(2)
[2014/07/04 19:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2014/07/04 18:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Flux
[2014/07/04 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware
[2014/07/04 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2014/07/04 16:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/07/04 16:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2014/07/04 16:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/07/04 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/07/04 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2014/07/04 13:15:20 | 000,000,000 | ---D | C] -- C:\Intel
[2014/07/04 09:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Paint XP
[2014/07/04 09:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint XP
[2014/07/04 09:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\stickies
[2014/07/02 11:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2014/07/02 10:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PCDr
[2014/07/02 10:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/07/01 16:36:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2014/07/01 15:03:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/07/01 12:19:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/07/01 12:17:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2014/07/01 12:17:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Music
[2014/07/01 12:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/06/30 15:30:12 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/06/26 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/06/26 16:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/06/26 16:34:13 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/26 16:34:12 | 000,777,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/26 16:34:12 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1403815204015
[2014/06/26 16:34:11 | 000,411,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/26 16:34:10 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/26 16:34:10 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1403815204015
[2014/06/26 16:34:10 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/26 16:33:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/25 11:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/06/13 12:25:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/06/12 19:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Dell
[2014/06/12 19:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2014/06/12 19:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/06/12 18:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dell
[2014/06/12 15:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/06/12 15:49:20 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/09 11:46:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/06/08 19:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2014/06/08 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/06/08 10:33:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2014/06/07 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2014/06/07 11:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/06/07 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/06/07 10:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/06/06 17:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\HpUpdate
[2014/06/06 17:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2014/06/06 13:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2014/06/06 12:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2014/06/06 12:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2014/06/06 12:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.swt
[2014/06/06 12:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Azureus
[2014/06/06 10:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search
[2014/06/06 10:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ApplicationHistory
[2014/06/06 09:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2014/06/06 09:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/06/06 09:15:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2014/06/06 09:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2014/06/06 09:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2014/06/06 09:13:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/06/06 09:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2014/06/06 08:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2014/06/06 08:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/06/06 08:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LavasoftStatistics
[2014/06/06 08:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2014/06/06 08:17:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Common Files
[2014/06/06 08:15:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/06/05 20:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
[2014/06/05 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014/06/05 20:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/06/05 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2014/06/05 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2014/06/05 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/06/05 15:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/06/05 15:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/05 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IDM2
[2014/06/05 14:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Deployment
[2014/06/05 14:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
========== Files - Modified Within 30 Days ==========
[2014/07/05 13:39:30 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/07/05 13:38:48 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/05 13:38:29 | 000,001,130 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/05 13:38:14 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/05 13:38:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/05 13:32:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/07/05 13:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/05 11:32:23 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2014/07/05 11:21:44 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/07/05 08:05:04 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job
[2014/07/04 21:23:42 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/07/04 19:52:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/07/04 16:11:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2014/07/04 14:35:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/07/02 08:39:37 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/07/01 15:09:37 | 000,526,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/07/01 15:09:36 | 000,096,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/07/01 11:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/06/29 09:50:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/26 16:40:07 | 000,777,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/26 16:40:06 | 000,411,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/26 16:40:06 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/26 16:34:01 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1403815204015
[2014/06/26 16:34:01 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/26 16:34:01 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/26 16:34:00 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/26 16:34:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1403815204015
[2014/06/26 16:34:00 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/26 16:34:00 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/06/26 16:33:58 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/06/26 16:33:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/13 09:03:13 | 000,740,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/12 19:37:55 | 000,000,289 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/06/09 13:21:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/06/09 13:21:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/06/09 11:46:03 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/06/08 09:19:53 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/08 09:19:53 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/07 20:24:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/06 12:13:55 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/06/06 10:36:39 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/06 09:13:30 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/06/05 15:13:17 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
========== Files Created - No Company Name ==========
[2014/07/04 21:23:42 | 000,000,000 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/07/04 16:11:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2014/07/04 16:08:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/07/04 16:08:50 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2014/07/04 09:32:30 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/07/03 12:15:21 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job
[2014/07/01 12:20:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/06/26 16:39:51 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/26 16:34:12 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/26 16:34:11 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/26 16:34:10 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/06/12 18:16:18 | 000,869,154 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1275210071-725345543-1004-0.dat
[2014/06/09 13:21:06 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/06/09 13:21:06 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/06/09 12:39:32 | 000,740,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/06/08 09:21:32 | 000,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.rfx
[2014/06/07 20:24:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/07 20:24:01 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/07 20:24:01 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2014/06/06 21:01:55 | 000,413,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/06/06 12:13:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/06/06 12:13:43 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2014/06/06 09:13:30 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2014/06/06 09:13:30 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/06/05 14:47:18 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/05 14:47:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/04/13 15:13:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2013/03/27 16:09:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/02/28 21:22:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2013/02/23 03:04:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/20 19:53:12 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/11 16:16:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/06/17 09:47:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 00:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/06/08 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2014/06/26 16:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/04 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/06/06 08:15:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/28 13:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hallmark
[2014/07/02 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/06/26 16:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/07/04 21:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar
[2014/06/08 11:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2013/05/21 19:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2013/03/04 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\egamestoolbar
[2014/07/02 11:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/02/23 03:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FoxyTunes
[2014/06/12 21:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IDM2
[2014/07/02 10:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/02/20 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhotoParade
[2013/05/21 19:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\player
[2014/07/04 09:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\stickies
[2014/06/06 09:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2014/06/06 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2014/07/05 08:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinZip
========== Purity Check ==========
< End of report >
#187
Posted 05 July 2014 - 12:04 PM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
And here:
OTL Extras logfile created on: 7/5/2014 1:41:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 590.38 Mb Available Physical Memory | 57.71% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 42.90 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 37.12 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: USER-R6PHPMKAQL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1" = Paint XP version 1.3
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 60
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36373CE1-6999-11D5-96DC-98302790D441}" = Bob the Builder
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750B354A-BF46-45E0-86D6-620026703B92}" = Nancy Drew: The Haunted Carousel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A6EBD60F-6EEF-4032-90A3-310B54AD8BF4}" = IHRA Drag Racing
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3AC8DD1-A754-46D6-A777-6155D627D196}" = My Fantasy Wedding
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Avast" = avast! Free Antivirus
"Download_Manager_and_Options" = Download Manager and Options
"Horsez" = Horsez
"InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}" = Family Tree Heritage Collaboration Support
"InstallShield_{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC-Doctor for Windows" = My Dell
"PROSet" = Intel® PRO Network Connections Drivers
"Unchecky" = Unchecky v0.2.14
"VLC media player" = VLC media player 2.1.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Flux" = f.lux
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/2/2014 10:49:39 AM | Computer Name = USER-R6PHPMKAQL | Source = Dell System Detect | ID = 0
Description = <Exception><Message>Invalid request from unknown referer, to http://localhost:888...essage><SysInfo
STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True"
Rel_Date="20030428000000.000000+000" DSDVersion="5.8.1.1" Vendor="Dell Computer
Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00)
Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>performinstallation</Method><Service>diagnosticsservice</Service><Arguments>8885;</Arguments><UserAgent>Mozilla/5.0
(Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0</UserAgent></Exception>
Error - 7/2/2014 11:34:33 AM | Computer Name = USER-R6PHPMKAQL | Source = Dell System Detect | ID = 0
Description = <Exception><Message>Invalid request from unknown referer, to http://localhost:888...essage><SysInfo
STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True"
Rel_Date="20030428000000.000000+000" DSDVersion="5.8.1.1" Vendor="Dell Computer
Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00)
Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>startdiagnosisflow</Method><Service>diagnosticsservice</Service><Arguments>Quicktest;;en;8885;</Arguments><UserAgent>Mozilla/5.0
(Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0</UserAgent></Exception>
Error - 7/2/2014 11:34:37 AM | Computer Name = USER-R6PHPMKAQL | Source = Dell System Detect | ID = 0
Description = <Exception><Message>Invalid request from unknown referer, to http://localhost:888...essage><SysInfo
STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True"
Rel_Date="20030428000000.000000+000" DSDVersion="5.8.1.1" Vendor="Dell Computer
Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00)
Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/><Method>startdiagnosisflow</Method><Service>diagnosticsservice</Service><Arguments>Quicktest;;en;8885;</Arguments><UserAgent>Mozilla/5.0
(Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0</UserAgent></Exception>
Error - 7/3/2014 8:43:09 AM | Computer Name = USER-R6PHPMKAQL | Source = Dell System Detect | ID = 0
Description = <Exception><Message>Invalid request from unknown referer, to http://localhost:888...essage><SysInfo
STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True"
Rel_Date="20030428000000.000000+000" DSDVersion="5.8.1.1" Vendor="Dell Computer
Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00)
Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/></Exception>
Error - 7/3/2014 9:15:19 AM | Computer Name = USER-R6PHPMKAQL | Source = Dell System Detect | ID = 0
Description = <Exception><Message>Invalid request from unknown referer, to http://localhost:888...essage><SysInfo
STag="FC50W21" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A01" SMBIOSPresent="True"
Rel_Date="20030428000000.000000+000" DSDVersion="5.8.1.1" Vendor="Dell Computer
Corporation" PName="Dimension 8300" Ident_Num="USER-R6PHPMKAQL" TimeZone="(GMT-05:00)
Eastern Time (US & Canada)" OSName="Microsoft Windows XP Home Edition"/></Exception>
Error - 7/5/2014 11:24:04 AM | Computer Name = USER-R6PHPMKAQL | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)
Error - 7/5/2014 11:24:10 AM | Computer Name = USER-R6PHPMKAQL | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)
Error - 7/5/2014 11:24:10 AM | Computer Name = USER-R6PHPMKAQL | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)
Error - 7/5/2014 11:24:10 AM | Computer Name = USER-R6PHPMKAQL | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application
Details:
The
content index cannot be read. (0xc0041800)
Error - 7/5/2014 1:39:47 PM | Computer Name = USER-R6PHPMKAQL | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
[ System Events ]
Error - 7/5/2014 11:23:59 AM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2
Error - 7/5/2014 11:23:59 AM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%2
Error - 7/5/2014 11:23:59 AM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2
Error - 7/5/2014 11:24:10 AM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp
Error - 7/5/2014 11:24:36 AM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).
Error - 7/5/2014 1:38:12 PM | Computer Name = USER-R6PHPMKAQL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 7/5/2014 1:38:32 PM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2
Error - 7/5/2014 1:38:32 PM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%2
Error - 7/5/2014 1:38:32 PM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2
Error - 7/5/2014 1:38:39 PM | Computer Name = USER-R6PHPMKAQL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp
< End of report >
#188
Posted 05 July 2014 - 12:05 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
There should be another log OTL.txt could you post that one please
#189
Posted 05 July 2014 - 12:21 PM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
I did. I posted it first.
3 threads up.
#186 thread.
Edited by itsmesunny, 05 July 2014 - 12:23 PM.
#190
Posted 05 July 2014 - 12:42 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
DUH
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Go Start > Run
In the run box type msconfig
Click OK
Select the Startup tab
Remove all the ticks on the left hand side, except for Avast
OK out and reboot
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - File not found [Auto | Stopped] -- mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- mbamscheduler.exe -- (MBAMScheduler)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{0F9300E4-163F-414C-B564-952DB51C48EA}: "URL" = https://startpage.co...anguage=english
FF - prefs.js..browser.startup.homepage: "www.startpage.com"
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\New Folder [2013/03/26 17:31:22 | 000,000,000 | -H-D | M]
[2014/07/05 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
[2014/07/05 09:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/07/04 21:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/07/04 21:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/07/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar(2)
[2014/07/02 10:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PCDr
[2014/07/02 10:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/07/03 12:15:21 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job
[2014/07/04 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/06/08 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2014/07/04 21:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar
[2014/06/08 11:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2013/05/21 19:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2013/03/04 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\egamestoolbar
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Go Start > Run
In the run box type msconfig
Click OK
Select the Startup tab
Remove all the ticks on the left hand side, except for Avast
OK out and reboot
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.
#191
Posted 05 July 2014 - 12:56 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
A tutorial on how to copy and paste http://www.bleepingc...ste-in-windows/
#192
Posted 05 July 2014 - 12:59 PM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
Dang it! This happened earlier a way back and you showed me - How do I paste it?
There is NO edit on the program.
#193
Posted 05 July 2014 - 01:31 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Ok left click the OTL fix starting at :Commands
Then holding the left key down move the mouse until all the text turns blue
Then keeping the mouse on the blue area right click and select copy
Then open OTL and right click on the custom script area and select paste
#194
Posted 05 July 2014 - 01:49 PM
itsmesunny
- Topic Starter
-
- Member
-
- 307 posts
Member
Actually it's just hit Control and V.
I just found out. Here it is:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named MBAMService was found to stop!
Service\Driver key MBAMService not found.
File mbamservice.exe not found.
Error: No service named MBAMScheduler was found to stop!
Service\Driver key MBAMScheduler not found.
File mbamscheduler.exe not found.
Error: No service named MBAMProtector was found to stop!
Service\Driver key MBAMProtector not found.
File C:\WINDOWS\system32\drivers\mbam.sys not found.
Error: No service named avgtp was found to stop!
Service\Driver key avgtp not found.
File C:\WINDOWS\system32\drivers\avgtpx86.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0F9300E4-163F-414C-B564-952DB51C48EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9300E4-163F-414C-B564-952DB51C48EA}\ not found.
Prefs.js: "www.startpage.com" removed from browser.startup.homepage
File C:\Documents and Settings\User\Start Menu\Programs\Startup\New Folder not found.
C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect\UI\rep folder moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect\UI folder moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect folder moved successfully.
Folder C:\Program Files\SearchProtect\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\AVG SafeGuard toolbar\ not found.
Folder C:\Program Files\Common Files\AVG Secure Search\ not found.
Folder C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar\ not found.
Folder C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ not found.
Folder C:\Program Files\AVG SafeGuard toolbar(2)\ not found.
Folder C:\Documents and Settings\User\Application Data\PCDr\ not found.
Folder C:\Documents and Settings\All Users\Application Data\PCDr\ not found.
File C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job not found.
Folder C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\ not found.
Folder C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar\ not found.
Folder C:\Documents and Settings\User\Application Data\Azureus\ not found.
Folder C:\Documents and Settings\User\Application Data\BitTorrent\ not found.
Folder C:\Documents and Settings\User\Application Data\egamestoolbar\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 780 bytes
->Temporary Internet Files folder emptied: 35504 bytes
->FireFox cache emptied: 17770289 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 143988 bytes
Total Files Cleaned = 17.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07052014_153514
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#195
Posted 05 July 2014 - 02:14 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Did you then do the msconfig bit ? If so how is it running now ?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
