1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

ActivityMonitor

Discussion in 'Virus & Other Malware Removal' started by Rubanski, Jan 16, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Folks,

    For some reason this screen randomly pops up every day, it seems to knock off Windows Firewall and also wants my AVG to restart. I have a Toshiba Satellite A55 running XP Prof.

    [​IMG]

    I have looked around on various forums to see if this is dangerous or not; some say it is spyware, of the sort employers use to check every detail of their employees' activity?

    I always click on STOP Installation, but without fail it reappears, sometimes when there are no windows open.

    Is it dangerous / if so, any ideas how to get rid of it?

    Thanks for any help / suggestions!

    Rubanski
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    Is this a company computer?
     
  3. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,
    No, its mine, had it for a while now, and actually just reformatted the whole thing recently.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    OK then. Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created n your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  5. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,

    Here is the GMER result. I am having trouble getting the dds.scr scan to work, it seems to freeze, as you said, depite me having followed your instructions to the letter... I'll keep at it. Thanks again!


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-18 23:37:29
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2060AT rev.0022 55.89GB
    Running: 47e93klw.exe; Driver: C:\DOCUME~1\Rubanski\LOCALS~1\Temp\uxtdqpoc.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xEE14314A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xEE14321A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEE142D7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xEE142F6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xEE143000]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEE142E32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEE142ECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEE14309C]

    ---- Kernel code sections - GMER 2.0 ----

    ? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

    ---- EOF - GMER 2.0 ----
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  7. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,

    OK, here are the contents of the two files. Thanks again.

    OTL Extras logfile created on: 1/19/2013 8:59:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rubanski\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1006.80 Mb Total Physical Memory | 645.75 Mb Available Physical Memory | 64.14% Memory free
    2.37 Gb Paging File | 1.95 Gb Available in Paging File | 82.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 17.38 Gb Free Space | 31.10% Space Free | Partition Type: NTFS

    Computer Name: BANSKI | User Name: Rubanski | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Documents and Settings\Rubanski\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Rubanski\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel(R) PROSet for Wireless
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype&#8482; 3.8
    "{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{6A462C3E-955D-FFE1-ED19-268969DEBBBE}" = Jacquie Lawson Alpine Advent Calendar
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
    "{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
    "{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
    "{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "7-Zip" = 7-Zip 9.22beta
    "8461-7759-5462-8226" = Vuze
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "JLAdventCalendarAlpine2012" = Jacquie Lawson Alpine Advent Calendar
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 18.0 (x86 en-GB)" = Mozilla Firefox 18.0 (x86 en-GB)
    "Mozilla Thunderbird 18.0 (x86 en-US)" = Mozilla Thunderbird 18.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notebook_Maximizer" = Notebook Maximizer
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Power Saver" = TOSHIBA Power Saver
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "TFNF5" = TOSHIBA Hotkey Utility for Display Devices
    "TOSHIBA Access" = TOSHIBA Access
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "TOSHIBA Utilities" = TOSHIBA Utilities
    "TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 2.0.5
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/16/2013 1:37:53 PM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

    Error - 1/16/2013 1:37:53 PM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

    Error - 1/17/2013 5:39:47 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

    Error - 1/17/2013 5:39:47 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

    Error - 1/17/2013 7:19:37 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

    Error - 1/17/2013 7:19:37 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

    Error - 1/17/2013 11:15:46 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

    Error - 1/17/2013 11:15:46 AM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

    Error - 1/17/2013 3:45:24 PM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

    Error - 1/17/2013 3:45:24 PM | Computer Name = BANSKI | Source = MsiInstaller | ID = 10005
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
    27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

    [ System Events ]
    Error - 1/18/2013 6:31:29 PM | Computer Name = BANSKI | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/18/2013 6:31:33 PM | Computer Name = BANSKI | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/18/2013 6:31:37 PM | Computer Name = BANSKI | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/18/2013 6:31:39 PM | Computer Name = BANSKI | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/18/2013 6:31:39 PM | Computer Name = BANSKI | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 1/18/2013 6:31:55 PM | Computer Name = BANSKI | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/19/2013 3:39:12 AM | Computer Name = BANSKI | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 1/19/2013 3:40:25 AM | Computer Name = BANSKI | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 1/19/2013 3:40:25 AM | Computer Name = BANSKI | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 1/19/2013 3:40:26 AM | Computer Name = BANSKI | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5


    < End of report >





    and the next one




    OTL logfile created on: 1/19/2013 8:59:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rubanski\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1006.80 Mb Total Physical Memory | 645.75 Mb Available Physical Memory | 64.14% Memory free
    2.37 Gb Paging File | 1.95 Gb Available in Paging File | 82.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 17.38 Gb Free Space | 31.10% Space Free | Partition Type: NTFS

    Computer Name: BANSKI | User Name: Rubanski | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 08:56:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rubanski\Desktop\OTL.exe
    PRC - [2013/01/04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rubanski\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/10/02 15:52:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2008/04/14 13:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2004/03/05 00:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/03/03 23:48:58 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2004/03/03 20:57:36 | 000,278,528 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2004/03/03 20:57:12 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2004/03/02 21:45:28 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2004/02/25 22:12:58 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2004/02/03 22:47:06 | 001,089,589 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2003/12/17 00:47:42 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
    PRC - [2003/12/17 00:43:06 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
    PRC - [2003/12/17 00:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
    PRC - [2003/12/17 00:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
    PRC - [2003/12/05 23:44:40 | 000,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2003/12/02 22:15:46 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2003/10/21 18:26:14 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    PRC - [2003/10/20 16:39:26 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\Ivp\ISM\pinger.exe
    PRC - [2003/09/05 11:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2003/08/04 00:01:14 | 000,086,073 | ---- | M] (SigmaTel Inc.) -- C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    PRC - [2003/05/23 21:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2003/01/22 02:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    PRC - [2003/01/03 00:16:00 | 000,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


    ========== Modules (No Company Name) ==========

    MOD - [2003/10/21 18:26:14 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    MOD - [2003/04/17 20:35:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
    MOD - [2003/04/17 20:35:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Vhcpedxn)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/01/11 12:13:04 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/09 22:27:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/02 15:52:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2004/03/05 00:41:08 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2003/12/17 00:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2003/12/17 00:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
    SRV - [2003/10/21 18:26:14 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2003/05/23 21:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/26 07:39:41 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
    DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2009/11/11 13:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
    DRV - [2004/04/21 15:39:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2004/04/19 00:45:08 | 000,380,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/01/27 03:03:20 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
    DRV - [2004/01/02 11:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51)
    DRV - [2003/12/11 01:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/10/24 21:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2003/10/23 04:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2003/10/23 04:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2003/09/15 18:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2003/08/07 23:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
    DRV - [2003/07/18 01:19:32 | 000,230,416 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2003/06/11 16:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002/12/20 21:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/11/19 01:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
    DRV - [2002/10/01 17:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/04/07 03:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={F9CBBC15-A2A0-43A3-AD08-5B07053B9D02}&mid=22a239d002dc47d09c9ad14773d6ec88-1fba28204e2772184e4438c5b87a6eecd6c66fbf&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/01/19 08:40:38 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 12:13:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/04 14:50:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/10/01 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rubanski\Application Data\Mozilla\Extensions
    [2013/01/09 16:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rubanski\Application Data\Mozilla\Firefox\Profiles\odace8pe.default\extensions
    [2013/01/09 16:14:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Rubanski\Application Data\Mozilla\Firefox\Profiles\odace8pe.default\extensions\[email protected]
    [2013/01/11 12:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/11 12:13:08 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 10:43:49 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/11/29 10:43:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 10:43:49 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/11/29 10:43:49 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/11/29 10:43:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/11/29 10:43:49 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={F9CBBC15-A2A0-43A3-AD08-5B07053B9D02}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.10\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.10\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.10\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Cuevana Stream = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.0_0\
    CHR - Extension: Zoho CRM = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn\1.1.1_0\
    CHR - Extension: Cuevana Downloader = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkdifojhfkciiheoonhdlfokajblkbe\1.24_0\
    CHR - Extension: Cuevana Downloader = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkdifojhfkciiheoonhdlfokajblkbe\1.24_0\~
    CHR - Extension: Gmail = C:\Documents and Settings\Rubanski\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011/01/27 14:00:57 | 000,001,211 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\Rubanski\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rubanski\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1349107530702 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC300CF-D0F9-41E3-B251-69BE005CD670}: DhcpNameServer = 192.168.0.1 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\Sebring: DllName - (c:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/21 14:43:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/19 08:56:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rubanski\Desktop\OTL.exe
    [2013/01/18 23:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rubanski\Recent
    [2013/01/17 22:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rubanski\My Documents\My Videos
    [2013/01/17 22:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rubanski\Start Menu\Programs\Administrative Tools
    [2013/01/17 22:53:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Rubanski\Desktop\dds.scr
    [2013/01/15 13:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\Application Data\Malwarebytes
    [2013/01/15 13:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/15 13:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/01/15 13:51:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/01/15 13:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/15 10:45:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2013/01/15 09:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\Application Data\com.adobe.dmp.contentviewer
    [2013/01/11 12:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/09 22:27:10 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/09 21:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
    [2013/01/09 21:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2013/01/09 18:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\My Documents\PROGRAMS
    [2012/12/27 16:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\My Documents\My Kindle Content
    [2012/12/27 16:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\Start Menu\Programs\Amazon
    [2012/12/27 16:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rubanski\Local Settings\Application Data\Amazon
    [2012/12/27 16:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2012/12/20 19:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2012/12/20 19:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
    [2012/12/20 19:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/12/20 09:24:42 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2012/12/20 09:24:42 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/19 08:56:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rubanski\Desktop\OTL.exe
    [2013/01/19 08:39:17 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2013/01/19 08:38:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/19 08:38:47 | 1055,772,672 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/18 23:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/18 12:09:57 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/01/17 23:12:22 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Rubanski\Desktop\47e93klw.exe
    [2013/01/17 22:53:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Rubanski\Desktop\dds.scr
    [2013/01/17 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BANSKI-Rubanski.job
    [2013/01/15 13:52:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 10:53:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2013/01/10 08:00:42 | 003,521,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/01/09 22:27:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/09 22:27:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/09 22:27:12 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/09 21:53:16 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Rubanski\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/09 21:49:26 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\Rubanski\Desktop\Dropbox.lnk
    [2013/01/09 21:21:27 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Content Viewer.lnk
    [2013/01/06 06:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2013/01/03 19:03:40 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Rubanski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/27 16:52:31 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Rubanski\Desktop\Kindle.lnk
    [2012/12/22 22:12:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/17 23:12:17 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Rubanski\Desktop\47e93klw.exe
    [2013/01/15 13:52:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/09 22:03:38 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BANSKI-Rubanski.job
    [2013/01/09 21:53:16 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Rubanski\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/09 21:34:49 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS5.5.lnk
    [2013/01/09 21:29:07 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    [2013/01/09 21:27:50 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk
    [2013/01/09 21:21:27 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Content Viewer.lnk
    [2013/01/09 21:21:27 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Content Viewer.lnk
    [2013/01/09 21:16:27 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    [2013/01/09 21:15:49 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    [2013/01/09 21:14:52 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
    [2012/12/27 16:52:31 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Rubanski\Desktop\Kindle.lnk
    [2012/12/22 22:12:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2012/12/22 22:12:46 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2012/12/20 19:40:47 | 000,002,257 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/12/03 18:41:39 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Rubanski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/08 10:42:56 | 000,111,975 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2012/10/08 10:42:56 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2012/10/04 10:22:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
    [2012/10/01 23:50:15 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2012/10/01 23:50:14 | 000,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2012/10/01 23:06:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2012/10/01 22:21:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/10/01 17:04:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2012/10/01 14:19:04 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI

    ========== ZeroAccess Check ==========

    [2004/04/21 14:53:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 13:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 13:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    Have you used some sort of crack to obtain Adobe Photoshop or Creative Suite?
     
  9. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,
    Adobe Indesign was recently put on the machine, and I have since removed it, but the issue still crops up. Just a serial number was used and a modification made, in the host set up.

    As follows:

    127.0.0.1 localhost
    #
    #
    127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    #
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    Yes but from what I can tell those entries are to avoid activating the product.

    In any event, if you've uninstalled it, we can remove those entries.

    To reset the hosts file please click on the FixIt button in this Microsoft article:

    http://support.microsoft.com/kb/972034

    Once you've done that, please do the following:

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  11. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,
    OK, I got so far with the Combofix process, upto the bit where it says "Scan time for badly infected machines may double". then the scan started, but the computer froze up. I tried again but the same thing happened.....
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    Try running ComboFix in Safe Mode please.
     
  13. Rubanski

    Rubanski Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    7
    Hi Cookiegal,

    I ended up reformatting the hard drive and restoring the factory settings, all is now working well again. Thanks a lot for all you time and knowledge all the same, I do appreciate it!!
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,304
    OK. Thanks for letting me know. :)
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085561

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice