Server Not Found/System Restore Not Working



#16
tuffstuff

    Member

  • Topic Starter
  • 104 posts
AdwCleaner log

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 18:25:37
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - DEBEVE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Owner\My Documents\eBay.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\prefs.js

Deleted : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Deleted : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Deleted : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Deleted : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

*************************

AdwCleaner[R1].txt - [3355 octets] - [08/05/2013 23:20:05]
AdwCleaner[S1].txt - [3004 octets] - [10/05/2013 18:25:37]

########## EOF - C:\AdwCleaner[S1].txt - [3064 octets] ##########

#17
tuffstuff

    Member

  • Topic Starter
  • 104 posts
OTL Fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1648610163-4111014109-2383940249-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_USERS\S-1-5-21-1648610163-4111014109-2383940249-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33B100D2-D9DD-46DD-9122-51464970B8FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B100D2-D9DD-46DD-9122-51464970B8FE}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
File C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\tasks\ROC_SYS_TASK.job moved successfully.
C:\WINDOWS\tasks\ROC_SYS_TASK_DELETE.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1135264480\EE\AOLServiceHost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\RRIM\aim.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1135264480\EE\aolsoftware.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.DEBEVE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 681439 bytes
->Temporary Internet Files folder emptied: 723851 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5031773 bytes
->Flash cache emptied: 2837914 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1197052 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 21625198 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05102013_184123

Edited by tuffstuff, 10 May 2013 - 04:51 PM.

#18
tuffstuff

    Member

  • Topic Starter
  • 104 posts
There was no infection listed in the Malwarebytes scan. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.10.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DEBEVE [administrator]

5/10/2013 7:04:14 PM
mbam-log-2013-05-10 (19-04-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328813
Time elapsed: 50 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#19
tuffstuff

    Member

  • Topic Starter
  • 104 posts
When doing the ESET scanner, downloading the database after it finished step 2, it said unexpected error 2002. Since it is going to take a while for the ESET scanner, I have to do it tomorrow, as I have to be up for work at 4 am. Will I be able to find the ESET scanner again when I start tomorrow, or do I have to download it again?

#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Click the Start Orb and then Control Panel
Click Programs. A list of installed programs will be displayed.
Look for ESET in the installed programs list.
If you find it then right click it and click uninstall. Then go back to post #15 and continue with Steps 4, 5, 6 and 7.
If you don't find it then go back to post #15 and continue with Steps 4, 5, 6 and 7.

#21
tuffstuff

    Member

  • Topic Starter
  • 104 posts
I uninstalled and tried again. On step 1 it says another antivirus has been detected and may affect the scan. I disabled AVG. Then on Step 2 it says cannot get update, is proxy configured.

#22
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
What browser did you use?

#23
tuffstuff

    Member

  • Topic Starter
  • 104 posts
Firefox

I opened IE and started eset from there and it is scanning. YAY!

Edited by tuffstuff, 11 May 2013 - 06:49 PM.

#24
tuffstuff

    Member

  • Topic Starter
  • 104 posts
ESET scanner log

C:\Documents and Settings\Owner\My Documents\Downloads\microsoft security essentials setup.exe probably a variant of Win32/Soft32Downloader.C application

#25
tuffstuff

    Member

  • Topic Starter
  • 104 posts
Last step: new OTL.txt

Going to bed, will try the computer when I get home. Thank you.

OTL logfile created on: 5/12/2013 12:59:37 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.47 Mb Total Physical Memory | 369.34 Mb Available Physical Memory | 36.44% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.28 Gb Total Space | 198.68 Gb Free Space | 87.03% Space Free | Partition Type: NTFS
Drive D: | 4.59 Gb Total Space | 2.24 Gb Free Space | 48.66% Space Free | Partition Type: FAT32

Computer Name: DEBEVE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/27 17:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/18 22:42:32 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/18 13:42:58 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe
PRC - [2005/07/21 02:07:22 | 000,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/18 13:42:57 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/07/12 09:33:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2005/07/11 10:36:34 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark 2300 Series\lxcgdrec.dll
MOD - [2005/03/13 14:32:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll


========== Services (SafeList) ==========

SRV - [2013/04/26 12:06:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 22:42:32 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/18 13:42:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/01/13 01:18:11 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/23 11:47:45 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/06/28 06:28:00 | 000,349,856 | R--- | M] (SMC Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\2862WICB.sys -- (SMC2862W)
DRV - [2005/04/27 14:45:08 | 000,300,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/04/04 12:01:34 | 000,035,712 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2004/11/15 21:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/11/10 21:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes,DefaultScope = {26AF14FB-6A63-4F42-AD51-591796EB8182}
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{26AF14FB-6A63-4F42-AD51-591796EB8182}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{423FDCB3-DF6A-49F7-896B-B5D6DD9AFC06}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{8261E192-A18E-4835-8B5D-CBA1147EABD2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/18 13:42:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/10 15:49:16 | 000,000,000 | ---D | M]

[2008/09/12 19:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/05/11 17:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions
[2008/09/12 14:48:16 | 000,000,000 | ---D | M] (Yuku) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{53A01AC4-9238-453c-990B-D4C5D4220FF2}(2)
[2008/09/12 14:48:12 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}(2)
[2013/05/11 17:07:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/12 14:48:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2008/09/12 14:46:19 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}(2)
[2009/10/27 23:56:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/10/21 19:12:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\[email protected]
[2012/02/13 14:19:21 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/05/08 16:41:25 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/04/03 13:15:08 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\searchplugins\foodtv.xml
[2008/06/21 02:33:13 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2u55g8c4.default\searchplugins\IMDB.xml
[2013/04/18 13:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/18 13:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/04/18 13:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/18 13:42:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/18 13:42:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/07 06:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/18 22:44:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/12/19 08:22:23 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..Trusted Domains: everythinglv.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..Trusted Domains: harristeeter.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1648610163-4111014109-2383940249-1003\..Trusted Domains: imdb.com/help/show_leaf?enablecookies ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229556528546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61F975C4-2C6A-4D66-B786-9E482C2D5085}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/11 14:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/10 16:00:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/05/10 08:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/05/09 09:10:11 | 000,000,000 | ---D | C] -- C:\C_Documents and Settings
[2013/05/08 23:01:50 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/05/05 08:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/05/04 21:07:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/25 18:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/25 18:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/25 18:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2013/04/25 18:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2013
[2013/04/25 18:36:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/24 08:05:41 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/04/24 00:17:07 | 000,000,000 | ---D | C] -- C:\424f00923a31bcda80e59a
[2013/04/23 23:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/23 23:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/04/23 21:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/23 11:32:05 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2013/04/23 11:31:19 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2013/04/23 11:30:02 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/04/23 11:29:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2013/04/23 11:27:32 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2013/04/23 11:27:30 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/04/23 11:27:29 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/04/23 11:25:57 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2013/04/23 11:17:57 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2013/04/23 11:15:16 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2013/04/23 11:14:45 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/04/23 11:14:40 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2013/04/22 22:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/04/22 21:49:02 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013/04/22 21:49:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2013/04/22 21:49:00 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2013/04/22 21:49:00 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2013/04/22 21:49:00 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2013/04/22 21:49:00 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2013/04/22 21:49:00 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2013/04/22 21:49:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013/04/22 21:49:00 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2013/04/22 21:49:00 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2013/04/22 21:49:00 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2013/04/22 21:48:59 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2013/04/22 21:48:59 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2013/04/22 21:48:59 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2013/04/22 21:48:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2013/04/22 21:48:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2013/04/22 21:48:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2013/04/22 21:48:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013/04/22 21:48:58 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2013/04/22 21:48:58 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2013/04/22 21:48:58 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2013/04/22 21:48:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2013/04/22 21:48:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2013/04/22 21:48:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2013/04/22 21:48:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/04/22 21:48:57 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2013/04/22 21:48:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2013/04/22 21:48:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2013/04/22 21:48:56 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2013/04/22 21:48:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2013/04/22 21:48:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2013/04/22 21:48:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2013/04/22 21:48:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2013/04/22 21:48:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2013/04/22 21:48:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2013/04/22 21:48:55 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2013/04/22 21:48:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2013/04/22 21:48:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2013/04/22 21:48:55 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2013/04/22 21:48:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2013/04/22 21:48:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2013/04/22 21:48:54 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2013/04/22 21:48:54 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013/04/22 21:48:54 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2013/04/22 21:48:54 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2013/04/22 21:48:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2013/04/22 21:48:54 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2013/04/22 21:48:54 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2013/04/22 21:48:54 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2013/04/22 21:48:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2013/04/22 21:48:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2013/04/22 21:48:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2013/04/22 21:48:53 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013/04/22 21:48:52 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2013/04/22 21:45:19 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/04/22 21:45:19 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/04/22 21:45:19 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/04/22 21:45:18 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013/04/22 21:45:18 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2013/04/22 21:45:18 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013/04/22 21:45:18 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013/04/22 21:45:18 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2013/04/22 21:45:18 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013/04/22 21:45:18 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2013/04/22 21:45:18 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013/04/22 21:45:18 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013/04/22 21:45:18 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013/04/22 21:45:18 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/04/22 21:45:18 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/04/22 21:45:18 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/04/22 21:45:18 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/04/22 21:45:17 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2013/04/22 21:45:17 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013/04/22 21:45:17 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2013/04/22 21:45:17 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2013/04/22 21:45:17 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2013/04/22 21:45:17 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2013/04/22 21:45:17 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2013/04/22 21:45:17 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2013/04/22 21:45:17 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2013/04/22 21:45:17 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/04/22 21:45:17 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/04/22 21:45:17 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/04/22 21:45:17 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2013/04/22 21:45:17 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/04/22 21:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2013/04/22 21:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2013/04/22 21:45:17 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/04/22 21:45:16 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2013/04/22 21:45:16 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/04/22 21:45:15 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2013/04/22 21:45:15 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2013/04/22 21:45:15 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013/04/22 21:45:15 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013/04/22 21:45:15 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2013/04/22 21:45:15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2013/04/22 21:45:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2013/04/22 21:45:14 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2013/04/22 21:45:14 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2013/04/22 21:45:14 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2013/04/22 21:45:14 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2013/04/22 21:45:14 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2013/04/22 21:45:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2013/04/22 21:45:14 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/04/22 21:45:13 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2013/04/22 21:45:13 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2013/04/22 21:45:13 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2013/04/22 21:45:13 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2013/04/22 21:45:13 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2013/04/22 21:45:13 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/04/22 21:45:13 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2013/04/22 21:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AOL Saved PFC
[2013/04/18 22:44:31 | 000,000,000 | ---D | C] -- C:\ERDNT
[2013/04/18 22:43:07 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/18 22:43:06 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/04/18 22:42:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/04/18 22:42:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/04/18 22:42:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/04/18 13:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/03/31 05:01:16 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe

========== Files - Modified Within 30 Days ==========

[2013/05/12 01:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/12 00:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/11 20:05:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 20:05:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/11 20:05:19 | 1062,776,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/10 08:57:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/05/08 23:19:04 | 000,628,743 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/05/08 23:04:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/05/08 23:03:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/05/06 15:07:15 | 000,021,007 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstoolebay.JPG
[2013/05/06 14:57:21 | 000,949,010 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andjinar5.JPG
[2013/05/06 14:55:06 | 000,871,593 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool4.JPG
[2013/05/06 14:52:37 | 000,861,764 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andjinar1.JPG
[2013/05/06 14:51:42 | 000,956,113 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\girlmost3.JPG
[2013/05/06 14:51:04 | 000,953,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\girlmost2.JPG
[2013/05/06 14:50:34 | 000,974,113 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\girlmost1.JPG
[2013/05/05 03:40:04 | 000,951,439 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andjinar2.JPG
[2013/05/05 03:37:38 | 000,936,497 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andjinar3.JPG
[2013/05/05 03:37:26 | 001,009,711 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andjinar4.JPG
[2013/05/05 03:18:48 | 001,020,127 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool3a.JPG
[2013/05/04 21:08:31 | 000,011,772 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130504_210829.reg
[2013/05/04 04:37:50 | 000,957,546 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool3.JPG
[2013/05/04 04:35:58 | 000,954,305 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool2.JPG
[2013/05/04 04:33:52 | 000,916,743 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool5.JPG
[2013/05/04 04:33:44 | 001,029,861 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swisstool1.JPG
[2013/04/27 17:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/04/26 12:06:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/04/26 12:06:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/04/26 08:07:05 | 000,476,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/26 08:07:05 | 000,085,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/25 23:39:32 | 000,000,199 | RHS- | M] () -- C:\boot.ini
[2013/04/25 22:56:14 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to avg_remover_stf_x86_2013_2706.lnk
[2013/04/25 22:43:20 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/25 22:43:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/25 09:30:30 | 000,001,308 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130425_093026.reg
[2013/04/25 08:57:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/25 00:59:18 | 000,023,628 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130425_005915.reg
[2013/04/25 00:22:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/24 09:28:53 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/24 08:05:42 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/04/23 23:34:32 | 000,061,356 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130423_233429.reg
[2013/04/23 21:52:31 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/04/22 21:16:17 | 000,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2013/04/21 02:37:56 | 001,087,848 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pigphb4.JPG
[2013/04/21 02:37:48 | 001,023,643 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pigphb5.JPG
[2013/04/21 02:37:38 | 001,003,329 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pigphb3.JPG
[2013/04/21 02:37:30 | 001,021,405 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pigphb2.JPG
[2013/04/21 02:37:20 | 001,013,235 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pigphb1.JPG
[2013/04/21 02:33:56 | 001,041,729 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\monopoly3.JPG
[2013/04/21 02:33:06 | 000,982,238 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\monopoly2.JPG
[2013/04/21 02:32:52 | 000,993,170 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\monopoly1.JPG
[2013/04/18 22:44:07 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/18 22:42:34 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/04/18 22:42:31 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/04/18 22:42:31 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/04/18 22:42:31 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/04/18 22:42:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/04/18 22:42:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/04/18 22:42:31 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/04/18 14:29:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2013/04/12 06:56:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/05/08 23:19:00 | 000,628,743 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/05/08 23:04:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/05/06 15:07:13 | 000,021,007 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstoolebay.JPG
[2013/05/06 14:58:08 | 000,956,113 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\girlmost3.JPG
[2013/05/06 14:58:05 | 000,953,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\girlmost2.JPG
[2013/05/06 14:58:00 | 000,974,113 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\girlmost1.JPG
[2013/05/06 14:57:57 | 000,951,439 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andjinar2.JPG
[2013/05/06 14:57:53 | 000,949,010 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andjinar5.JPG
[2013/05/06 14:57:49 | 000,936,497 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andjinar3.JPG
[2013/05/06 14:57:46 | 001,009,711 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andjinar4.JPG
[2013/05/06 14:57:42 | 000,861,764 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andjinar1.JPG
[2013/05/06 14:55:39 | 001,020,127 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool3a.JPG
[2013/05/06 14:55:35 | 000,954,305 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool2.JPG
[2013/05/06 14:55:31 | 000,957,546 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool3.JPG
[2013/05/06 14:55:27 | 000,916,743 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool5.JPG
[2013/05/06 14:55:23 | 000,871,593 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool4.JPG
[2013/05/06 14:55:19 | 001,029,861 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swisstool1.JPG
[2013/05/04 21:08:30 | 000,011,772 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130504_210829.reg
[2013/05/02 14:35:22 | 1062,776,832 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/27 13:52:56 | 001,111,232 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\redtongue3.JPG
[2013/04/27 13:52:34 | 001,140,781 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bonjovi3.JPG
[2013/04/27 13:52:30 | 001,059,557 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bonjovi2.JPG
[2013/04/27 13:52:27 | 001,103,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bonjovi1.JPG
[2013/04/25 22:56:14 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to avg_remover_stf_x86_2013_2706.lnk
[2013/04/25 09:30:29 | 000,001,308 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130425_093026.reg
[2013/04/25 08:57:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/25 00:59:17 | 000,023,628 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130425_005915.reg
[2013/04/24 12:52:29 | 001,087,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pigphb4.JPG
[2013/04/24 12:52:26 | 001,023,643 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pigphb5.JPG
[2013/04/24 12:52:23 | 001,003,329 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pigphb3.JPG
[2013/04/24 12:52:20 | 001,021,405 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pigphb2.JPG
[2013/04/24 12:52:17 | 001,013,235 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pigphb1.JPG
[2013/04/24 12:50:49 | 001,041,729 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\monopoly3.JPG
[2013/04/24 12:50:46 | 000,982,238 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\monopoly2.JPG
[2013/04/24 12:50:43 | 000,993,170 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\monopoly1.JPG
[2013/04/24 12:49:52 | 000,881,867 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10kruby4.JPG
[2013/04/24 12:49:48 | 000,831,918 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10kruby3.JPG
[2013/04/24 12:49:45 | 000,873,928 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10kruby2.JPG
[2013/04/24 12:49:41 | 000,859,448 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10kruby1a.JPG
[2013/04/24 12:49:37 | 000,861,711 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10kruby1.JPG
[2013/04/23 23:53:24 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/23 23:34:30 | 000,061,356 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130423_233429.reg
[2013/04/23 22:14:05 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/23 22:02:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/23 11:15:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/23 11:15:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/04/22 21:45:16 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013/04/22 21:14:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 12:55:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/12/27 20:30:36 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\048BF8
[2008/12/27 20:30:35 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2008/09/11 21:24:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\ipconfig
[2006/06/04 22:54:12 | 000,810,283 | ---- | C] () -- C:\Program Files\DSC00235.JPG
[2006/01/11 17:03:56 | 000,003,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 10:45:10 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/27 22:06:02 | 000,004,628 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2005/12/22 11:01:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/12/22 11:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.DEBEVE\Application Data\SampleView
[2013/05/05 08:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/01/21 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/04/25 18:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/12/19 22:19:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/12 06:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2008/06/24 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2007/09/19 17:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2013/05/11 17:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/03/31 22:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2013/04/16 23:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/22 11:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2013/01/11 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2009/12/08 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2013/04/25 18:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2011/12/07 06:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2009/06/01 23:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/06 00:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2006/06/04 22:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/06/24 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2011/12/02 08:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2012/08/08 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2005/12/22 11:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/07/06 18:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2012/12/19 22:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2007/06/14 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========

< dir C:\424f00923a31bcda80e59a /c >
Volume in drive C has no label.
Volume Serial Number is 846C-0A55
Directory of C:\424F00923A31BCDA80E59A
04/25/2013 06:40 PM <DIR> .
04/25/2013 06:40 PM <DIR> ..
04/25/2013 06:40 PM <DIR> 1025
04/25/2013 06:40 PM <DIR> 1028
04/25/2013 06:40 PM <DIR> 1029
04/25/2013 06:40 PM <DIR> 1030
04/25/2013 06:40 PM <DIR> 1031
04/25/2013 06:40 PM <DIR> 1032
04/25/2013 06:40 PM <DIR> 1033
04/25/2013 06:40 PM <DIR> 1035
04/25/2013 06:40 PM <DIR> 1036
04/25/2013 06:40 PM <DIR> 1037
04/25/2013 06:40 PM <DIR> 1038
04/25/2013 06:40 PM <DIR> 1040
04/25/2013 06:40 PM <DIR> 1041
04/25/2013 06:40 PM <DIR> 1042
04/25/2013 06:40 PM <DIR> 1043
04/25/2013 06:40 PM <DIR> 1044
04/25/2013 06:40 PM <DIR> 1045
04/25/2013 06:40 PM <DIR> 1046
04/25/2013 06:40 PM <DIR> 1049
04/25/2013 06:40 PM <DIR> 1053
04/25/2013 06:40 PM <DIR> 1055
04/25/2013 06:40 PM <DIR> 2052
04/25/2013 06:40 PM <DIR> 2070
04/25/2013 06:40 PM <DIR> 3076
04/25/2013 06:40 PM <DIR> 3082
09/12/2012 10:36 PM 15,616 DHtmlHeader.html
09/12/2012 10:36 PM 7,306 header.bmp
09/12/2012 10:50 PM 322,664 HotFixInstaller.exe
09/12/2012 10:50 PM 14,549,504 NDP20SP2-KB2729450.msp
09/12/2012 10:36 PM 3,580 ParameterInfo.xml
09/12/2012 10:36 PM 110,348 watermark.bmp
6 File(s) 15,009,018 bytes
27 Dir(s) 213,330,513,920 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#26
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. The network proxy setting came back in Firefox. And there is a scheduled scan task for Microsoft Security Essentials that we don't need since MSE is gone. We will remove the task with OTL and see if we can set FF to no proxy manually.
Then I want to check the hard disk and the system services.


Step-1.

Check FF Proxy Settings

  • Open Firefox
  • Click the down arrow on the Firefox tab in the upper left of the window and click Options. The Options page will open.
  • Click the Advanced tab.
  • Click the Network tab at the top of the window.
  • Next to Configure how Firefox connects to the internet, click the Settings tab.
  • Click the radio button beside No Proxy, then click the OK tab at the bottom of the page and click OK again to close the FF Options page.


    Step-2.

    OTL Fix

    Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

    :PROCESSES
    killallprocesses

    :COMMANDS
    [createrestorepoint]

    :OTL
    [2013/04/23 22:14:05 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/04/23 22:02:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

    :COMMANDS
    [reboot]


    Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    2. Please re-open OTL on your desktop. To do that:
    • Vista and 7 users: Right click the icon and click Run as Administrator
    3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
    4. Click the Posted Image button.
    5. Let the program run unhindered.
    6. OTL may ask to reboot the machine. Please do so if asked.
    7. Click the Posted Image button.
    8. A report will open. Copy and Paste that report in your next reply.
    9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


    Step-3.

    Check Hard Disk For Errors:

    Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.

    @Echo Off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    del %0


    • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
    • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
    • On the File menu, click Save
    • On the Save AS window that comes up, do the following:[list]
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named testhd.bat
    The file icon will look like this:
    Posted Image

    Close all open windows and any open Browsers.
  • Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if changing the proxy setting in FF was successful.
2. The OTL fixes log
3. The checkhd.txt log

#27
tuffstuff

    Member

  • Topic Starter
  • Member
  • 104 posts
While I was at work I had my sister stay on the computer. She said it stayed on for a few hours, loaded quickly, no problems. Then when she clicked on something, it got hung up; server not found didn't come up, but it wouldn't load. So when she hit restart, that hung up too and she had to shut it down. Now it is back up and working again. So it is intermittent.

I wanted to ask you since I uninstalled SP3, why it would be listed in my system properties still?

Will do the steps you have outlined now.

#28
tuffstuff

    Member

  • Topic Starter
  • Member
  • 104 posts
OTL Run Fix Log

========== PROCESSES ==========
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\WINDOWS\tasks\MpIdleTask.job moved successfully.
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_154800

#29
tuffstuff

    Member

  • Topic Starter
  • Member
  • 104 posts
The file testhdbat symbol on the desktop is a little different, it has one gear wheel. Also when I right click there is no run as administrator. Only open, edit, print, scan with AVG etc.

I am confused by [list]

After the good morning. It is now only staying on maybe two or three minutes.

Edited by tuffstuff, 12 May 2013 - 04:09 PM.


#30
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The file testhdbat symbol on the desktop is a little different, it has one gear wheel. Also when I right click there is no run as administrator. Only open, edit, print, scan with AVG etc

You're right. You have XP. Please delete the testhd.bat file on the desktop. I will post the instructions for XP. I don't know why SP3 remains in the system properties unless maybe the uninstall wasn't complete. I am researching.


Check Hard Disk For Errors:

Windows XP:

  • Click on Start >> Run..., then copy/paste the following command into the box and press OK:

    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
  • A blank command window will open on your desktop, then close in a few minutes. This is normal.
  • A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
