Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hard drive always has activity [Solved]


  • This topic is locked This topic is locked

#1
Spytec128

Spytec128

    New Member

  • Member
  • Pip
  • 4 posts
My hard drive is continuosly active even if I leave my computer alone for hours. I feel someone may be using it for their own purpose. All I have installed in Symantec Antivirus and it has found a few files and quaratined them. Is there anything else on my machine?

OTL logfile created on: 1/24/2013 6:26:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 132.57 Mb Available Physical Memory | 14.82% Memory free
2.80 Gb Paging File | 2.14 Gb Available in Paging File | 76.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 134.90 Gb Total Space | 93.68 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
Drive D: | 97.98 Gb Total Space | 87.20 Gb Free Space | 89.00% Space Free | Partition Type: NTFS

Computer Name: CHRISDESK | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 18:26:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\My Documents\Downloads\OTL.exe
PRC - [2013/01/21 17:29:42 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/01/21 17:29:42 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/18 20:13:17 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/01/22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2010/01/22 20:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/01/22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2010/01/22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/01/22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/15 12:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 12:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/14 16:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 16:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 16:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 13:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 14:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 14:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 14:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/05/11 21:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/09/03 09:14:10 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP DVD\Umbrella\DVDTray.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/21 17:29:43 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/21 17:29:42 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/01/21 17:29:42 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
MOD - [2013/01/18 20:13:16 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 17:46:57 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f4e4ec95\mscorlib.dll
MOD - [2013/01/09 17:46:55 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_5001956c\system.drawing.dll
MOD - [2013/01/09 17:46:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_52ee1766\system.xml.dll
MOD - [2013/01/09 17:46:45 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5835be13\system.windows.forms.dll
MOD - [2013/01/09 17:46:37 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a390a082\system.dll
MOD - [2013/01/09 17:46:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 17:46:25 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 17:46:23 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/09 01:04:09 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/22 20:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2010/01/22 20:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2009/06/27 08:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008/08/12 13:16:50 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2008/07/11 10:38:08 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008/07/11 10:38:03 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008/07/11 10:37:56 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2008/07/11 10:37:56 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2008/07/11 10:37:56 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008/07/11 10:37:55 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2008/07/11 10:37:54 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2008/07/11 10:37:54 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2008/07/11 10:37:54 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2008/07/11 10:37:53 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2008/07/11 10:37:53 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008/07/11 10:37:53 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008/07/11 10:37:53 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2008/07/11 10:37:53 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008/07/11 10:37:53 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008/07/11 10:37:53 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008/07/11 10:37:53 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008/07/11 10:37:53 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008/07/11 10:37:02 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008/07/11 10:37:02 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008/07/11 10:37:01 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008/07/11 10:37:01 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008/07/11 10:37:01 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008/07/11 10:37:01 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008/07/11 10:37:01 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2008/07/11 10:37:01 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008/07/11 10:37:01 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008/07/11 10:37:01 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008/07/11 10:37:01 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2008/07/10 15:22:04 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/07/10 12:01:58 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/01/21 17:29:42 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/18 20:13:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/09 01:04:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/04/06 14:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/01/22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/15 12:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/14 16:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 16:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 16:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 14:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 13:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 14:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 14:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 13:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Monfilt.sys -- (Monfilt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AEAudio.sys -- (AEAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\actccid.sys -- (actccid)
DRV - [2013/01/21 17:29:43 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/20 02:02:35 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130118.007\navex15.sys -- (NAVEX15)
DRV - [2012/12/20 02:02:33 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130118.007\naveng.sys -- (NAVENG)
DRV - [2012/11/24 18:50:21 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/10/18 07:24:12 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/18 07:24:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/04 17:18:09 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2010/08/12 09:44:06 | 000,071,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010/04/27 09:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/04/08 10:30:10 | 000,168,040 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/03/04 02:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/01/22 20:58:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/01/22 20:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/01/22 20:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/01/22 20:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/01/22 20:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010/01/22 20:56:46 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/01/22 20:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/01/22 16:13:00 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 13:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/07/11 11:52:52 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/12/06 06:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/11/30 20:18:42 | 000,651,712 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2007/06/27 11:05:00 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 11:04:00 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/04/16 18:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/09 06:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 06:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 06:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/12 14:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/02/12 14:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/02/08 05:45:00 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2007/01/31 04:45:00 | 001,050,784 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2007/01/10 13:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 11:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 11:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/08/13 18:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/02 00:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003/09/19 11:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {F582A8AF-E3CD-4918-9784-63259E0FDD03}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{554FB689-1F72-4018-80DA-AC3A2E1499B3}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7ADBS
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...r=&d=2012-11-17 21:00:58&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F4ACC303-F768-434d-8EC4-4D544DCC2CD2}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKCU\..\SearchScopes\{F582A8AF-E3CD-4918-9784-63259E0FDD03}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.1:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/21 17:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 20:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/31 13:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2013/01/18 20:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 20:13:18 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/21 17:30:10 | 000,003,591 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/18 18:42:02 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.gaiaonlin...r&cachebust=20" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1351648275953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351648252671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0BA5C1-B36D-45E3-BCF9-2173C2B5D1E7}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDFB655F-7625-466F-A66E-F56D84755A34}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 11:11:25 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 20:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/06 16:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/01/06 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/06 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[84 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/24 18:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/24 18:05:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/24 18:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/24 16:33:54 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/24 16:31:47 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/24 16:31:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/21 17:29:43 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/01/21 15:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/09 18:06:56 | 000,530,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 18:06:56 | 000,097,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 17:48:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 16:36:11 | 000,001,444 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/01/04 16:54:30 | 000,004,732 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FloorMats.jpg
[2013/01/04 16:37:51 | 000,045,643 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Snorkel1.JPG
[2013/01/04 16:37:06 | 000,554,155 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Snorkel2.JPG
[84 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 17:30:28 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/06 16:36:11 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/01/04 16:54:28 | 000,004,732 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FloorMats.jpg
[2013/01/04 16:37:51 | 000,045,643 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Snorkel1.JPG
[2013/01/04 16:37:05 | 000,554,155 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Snorkel2.JPG
[2012/12/05 19:17:30 | 000,000,041 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2012/10/30 18:01:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/25 08:54:42 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\STLibWrapper.dll
[2012/04/25 08:54:42 | 000,204,884 | ---- | C] () -- C:\WINDOWS\System32\spxusb.dll
[2012/04/25 08:54:42 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/02/09 22:40:00 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/01 12:32:03 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2011/10/01 12:32:03 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2011/03/13 17:12:41 | 000,080,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/22 10:28:55 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\Chris\cert.cer
[2008/12/04 18:58:39 | 000,002,856 | ---- | C] () -- C:\Documents and Settings\Chris\untitled1_MAS.bak
[2008/11/22 13:49:08 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\Chris\untitled250_MAS.bak
[2008/11/22 13:37:52 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\Chris\untitled240_MAS.bak
[2008/11/22 13:34:54 | 000,004,904 | ---- | C] () -- C:\Documents and Settings\Chris\untitled230_MAS.bak
[2008/11/22 13:33:28 | 000,003,048 | ---- | C] () -- C:\Documents and Settings\Chris\untitled220_MAS.bak
[2008/11/22 13:13:17 | 000,002,832 | ---- | C] () -- C:\Documents and Settings\Chris\untitled170_MAS.bak
[2008/11/22 13:12:41 | 000,002,792 | ---- | C] () -- C:\Documents and Settings\Chris\untitled160_MAS.bak
[2008/11/22 13:12:06 | 000,002,832 | ---- | C] () -- C:\Documents and Settings\Chris\untitled150_MAS.bak
[2008/11/22 13:11:28 | 000,008,112 | ---- | C] () -- C:\Documents and Settings\Chris\untitled140_MAS.bak
[2008/11/22 13:07:59 | 000,002,904 | ---- | C] () -- C:\Documents and Settings\Chris\untitled10_MAS.bak
[2008/11/22 12:57:29 | 000,002,888 | ---- | C] () -- C:\Documents and Settings\Chris\untitled7_MAS.bak
[2008/11/18 17:21:31 | 000,006,136 | ---- | C] () -- C:\Documents and Settings\Chris\untitled6_MAS.bak
[2008/10/15 12:38:19 | 000,002,152 | ---- | C] () -- C:\Documents and Settings\Chris\untitled9_MAS.bak
[2008/10/10 15:15:08 | 000,003,432 | ---- | C] () -- C:\Documents and Settings\Chris\untitled73_MAS.bak
[2008/10/10 15:14:31 | 000,006,248 | ---- | C] () -- C:\Documents and Settings\Chris\untitled72_MAS.bak
[2008/10/10 15:06:15 | 000,006,296 | ---- | C] () -- C:\Documents and Settings\Chris\untitled71_MAS.bak
[2008/10/10 15:05:33 | 000,003,968 | ---- | C] () -- C:\Documents and Settings\Chris\untitled70_MAS.bak
[2008/10/10 15:02:22 | 000,006,544 | ---- | C] () -- C:\Documents and Settings\Chris\untitled69_MAS.bak
[2008/10/10 14:58:23 | 000,003,304 | ---- | C] () -- C:\Documents and Settings\Chris\untitled68_MAS.bak
[2008/10/10 14:57:50 | 000,006,536 | ---- | C] () -- C:\Documents and Settings\Chris\untitled67_MAS.bak
[2008/10/10 14:57:10 | 000,003,952 | ---- | C] () -- C:\Documents and Settings\Chris\untitled66_MAS.bak
[2008/10/10 14:45:49 | 000,003,952 | ---- | C] () -- C:\Documents and Settings\Chris\untitled64_MAS.bak
[2008/10/10 14:42:16 | 000,008,136 | ---- | C] () -- C:\Documents and Settings\Chris\untitled63_MAS.bak
[2008/10/10 14:40:32 | 000,004,840 | ---- | C] () -- C:\Documents and Settings\Chris\untitled62_MAS.bak
[2008/10/10 14:39:09 | 000,005,568 | ---- | C] () -- C:\Documents and Settings\Chris\untitled61_MAS.bak
[2008/10/10 14:35:45 | 000,006,704 | ---- | C] () -- C:\Documents and Settings\Chris\untitled60_MAS.bak
[2008/10/10 14:22:01 | 000,003,208 | ---- | C] () -- C:\Documents and Settings\Chris\untitled59_MAS.bak
[2008/10/10 14:21:06 | 000,006,344 | ---- | C] () -- C:\Documents and Settings\Chris\untitled58_MAS.bak
[2008/10/10 14:19:55 | 000,007,528 | ---- | C] () -- C:\Documents and Settings\Chris\untitled57_MAS.bak
[2008/10/10 14:17:16 | 000,006,704 | ---- | C] () -- C:\Documents and Settings\Chris\untitled56_MAS.bak
[2008/10/10 14:16:13 | 000,003,944 | ---- | C] () -- C:\Documents and Settings\Chris\untitled55_MAS.bak
[2008/10/10 14:12:05 | 000,007,928 | ---- | C] () -- C:\Documents and Settings\Chris\untitled54_MAS.bak
[2008/10/10 14:08:00 | 000,005,088 | ---- | C] () -- C:\Documents and Settings\Chris\untitled52_MAS.bak
[2008/10/10 14:07:34 | 000,005,472 | ---- | C] () -- C:\Documents and Settings\Chris\untitled51_MAS.bak
[2008/10/10 14:05:59 | 000,005,272 | ---- | C] () -- C:\Documents and Settings\Chris\untitled50_MAS.bak
[2008/10/10 14:04:57 | 000,005,360 | ---- | C] () -- C:\Documents and Settings\Chris\untitled49_MAS.bak
[2008/10/10 14:04:17 | 000,006,056 | ---- | C] () -- C:\Documents and Settings\Chris\untitled48_MAS.bak
[2008/10/10 14:03:35 | 000,006,424 | ---- | C] () -- C:\Documents and Settings\Chris\untitled47_MAS.bak
[2008/10/10 14:02:49 | 000,006,160 | ---- | C] () -- C:\Documents and Settings\Chris\untitled46_MAS.bak
[2008/10/10 14:01:08 | 000,006,624 | ---- | C] () -- C:\Documents and Settings\Chris\untitled45_MAS.bak
[2008/10/10 14:00:03 | 000,006,776 | ---- | C] () -- C:\Documents and Settings\Chris\untitled44_MAS.bak
[2008/10/10 13:53:44 | 000,006,096 | ---- | C] () -- C:\Documents and Settings\Chris\untitled43_MAS.bak
[2008/10/10 13:52:41 | 000,006,304 | ---- | C] () -- C:\Documents and Settings\Chris\untitled42_MAS.bak
[2008/10/10 13:49:33 | 000,004,872 | ---- | C] () -- C:\Documents and Settings\Chris\untitled40_MAS.bak
[2008/10/10 13:46:19 | 000,006,072 | ---- | C] () -- C:\Documents and Settings\Chris\untitled39_MAS.bak
[2008/10/10 13:43:35 | 000,006,048 | ---- | C] () -- C:\Documents and Settings\Chris\untitled38_MAS.bak
[2008/10/10 13:38:37 | 000,005,464 | ---- | C] () -- C:\Documents and Settings\Chris\untitled37_MAS.bak
[2008/10/10 13:36:36 | 000,005,864 | ---- | C] () -- C:\Documents and Settings\Chris\untitled36_MAS.bak
[2008/10/10 13:34:07 | 000,006,304 | ---- | C] () -- C:\Documents and Settings\Chris\untitled35_MAS.bak
[2008/10/10 13:32:04 | 000,006,520 | ---- | C] () -- C:\Documents and Settings\Chris\untitled34_MAS.bak
[2008/10/10 13:26:22 | 000,007,184 | ---- | C] () -- C:\Documents and Settings\Chris\untitled33_MAS.bak
[2008/10/10 13:22:23 | 000,007,624 | ---- | C] () -- C:\Documents and Settings\Chris\untitled32_MAS.bak
[2008/10/10 13:14:22 | 000,005,472 | ---- | C] () -- C:\Documents and Settings\Chris\untitled30_MAS.bak
[2008/10/10 13:11:33 | 000,003,200 | ---- | C] () -- C:\Documents and Settings\Chris\untitled29_MAS.bak
[2008/10/10 13:11:21 | 000,005,296 | ---- | C] () -- C:\Documents and Settings\Chris\untitled28_MAS.bak
[2008/10/10 13:02:44 | 000,003,432 | ---- | C] () -- C:\Documents and Settings\Chris\untitled27_MAS.bak
[2008/10/10 13:02:32 | 000,003,432 | ---- | C] () -- C:\Documents and Settings\Chris\untitled26_MAS.bak
[2008/10/10 13:01:09 | 000,003,864 | ---- | C] () -- C:\Documents and Settings\Chris\untitled25_MAS.bak
[2008/10/10 12:59:33 | 000,003,952 | ---- | C] () -- C:\Documents and Settings\Chris\untitled24_MAS.bak
[2008/10/10 12:57:03 | 000,004,128 | ---- | C] () -- C:\Documents and Settings\Chris\untitled23_MAS.bak
[2008/10/10 12:50:30 | 000,005,944 | ---- | C] () -- C:\Documents and Settings\Chris\untitled22_MAS.bak
[2008/10/10 12:43:28 | 000,006,448 | ---- | C] () -- C:\Documents and Settings\Chris\untitled21_MAS.bak
[2008/10/10 12:40:09 | 000,003,064 | ---- | C] () -- C:\Documents and Settings\Chris\untitled20_MAS.bak
[2008/10/10 12:35:56 | 000,005,368 | ---- | C] () -- C:\Documents and Settings\Chris\untitled19_MAS.bak
[2008/10/10 12:20:32 | 000,006,400 | ---- | C] () -- C:\Documents and Settings\Chris\untitled18_MAS.bak
[2008/10/10 12:16:49 | 000,003,600 | ---- | C] () -- C:\Documents and Settings\Chris\untitled17_MAS.bak
[2008/10/10 12:16:21 | 000,003,608 | ---- | C] () -- C:\Documents and Settings\Chris\untitled16_MAS.bak
[2008/10/10 12:15:46 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\Chris\untitled15_MAS.bak
[2008/10/10 12:10:10 | 000,005,544 | ---- | C] () -- C:\Documents and Settings\Chris\untitled14_MAS.bak
[2008/10/10 11:32:08 | 000,005,392 | ---- | C] () -- C:\Documents and Settings\Chris\untitled13_MAS.bak
[2008/10/10 11:31:54 | 000,007,320 | ---- | C] () -- C:\Documents and Settings\Chris\untitled12_MAS.bak
[2008/10/10 11:18:16 | 000,007,320 | ---- | C] () -- C:\Documents and Settings\Chris\untitled11_MAS.bak
[2008/10/10 10:34:34 | 000,002,792 | ---- | C] () -- C:\Documents and Settings\Chris\untitled8_MAS.bak
[2008/10/10 10:01:11 | 000,006,000 | ---- | C] () -- C:\Documents and Settings\Chris\untitled5_MAS.bak
[2008/10/08 18:23:45 | 000,002,832 | ---- | C] () -- C:\Documents and Settings\Chris\untitled4_MAS.bak
[2008/08/06 15:40:08 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 16:25:46 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\mcs.rma
[2008/07/15 16:25:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\C7A413
[2008/07/11 10:40:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/07/10 12:02:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/06 16:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/17 21:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2008/07/11 11:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/11/04 17:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scanning Suite
[2008/11/07 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/11/19 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/08/14 14:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2009/03/15 07:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/21 05:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 09:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 06:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/11/17 21:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\AVG Secure Search
[2008/09/24 12:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/04 17:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ElevatedDiagnostics
[2008/09/08 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/08/11 14:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ieSpell
[2008/11/04 19:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2011/01/04 07:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\OpenCandy
[2008/07/09 14:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TMP
[2011/01/04 07:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uniblue
[2008/11/10 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Viewpoint
[2008/12/17 19:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Windows Desktop Search
[2009/01/03 15:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#4
Spytec128

Spytec128

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
SECURITY CHECK
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec AntiVirus Corporate Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java 7 Update 11
Java™ 6 Update 7
Adobe Flash Player 11.5.502.146
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


ADWCleaner
# AdwCleaner v2.109 - Logfile created 01/30/2013 at 18:24:41
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chris - CHRISDESK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chris\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Chris\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Chris\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Chris\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Chris\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Chris\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\n4q2wwda.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6633 octets] - [30/01/2013 18:24:41]

########## EOF - C:\AdwCleaner[S1].txt - [6693 octets] ##########

RogueKiller
RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 01/30/2013 18:40:07
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.0.1:80) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x84957CD0)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8495ACD0)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8497BCC0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x852911A8)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x8494ECD0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x84981CC0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x84975CD0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x84951CD0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x84954CD0)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x84A76CB0)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8494BCD0)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8497ECD0)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8496ACD0)
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0x84948CC0)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x848C5CC0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x84967CD0)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8496DCD0)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x84964CD0)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x84945CD0)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8495ECD0)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x84984CD0)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x84961CD0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x84970CD0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x84978CC0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST325031 0NS SCSI Disk Device +++++
--- User ---
[MBR] d5276b7dbc2aec8aff42620dd04017f6
[BSP] 61165328fcfd057a07d2ff3e8db1b60c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 138137 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282904650 | Size: 100334 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01302013_02d1840.txt >>
RKreport[1]_S_01302013_02d1840.txt
  • 0

#5
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#7
Spytec128

Spytec128

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Still working it. It keeps locking up on me.
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#10
Spytec128

Spytec128

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Just close this discussion please. I'm done with it. I'm going to buy a new one with my tax refund.
  • 0

#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Thanks for letting me know
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP