1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow Browser / Erratic Flash Player

Discussion in 'Virus & Other Malware Removal' started by Techzip22, Sep 6, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    I am having a LOT of trouble with my browsers opening very slowly and very delayed response.

    I also am having difficulty in using IM and Chat functions on various sites as the text is extremely slow to appear on the screen in response to my typing. I have tried downloading the newest and updated versions of Adobe Flash Player but when I attempt to run or execute the downloaded update, it gets deleted.

    Not sure if I have malware/spyware or software/hardware issues? I also need some assistance in uploading the Attach.txt.file as an attachment here. Any help is appreciated and thanks in advance!


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz, x86 Family 6 Model 28 Stepping 2
    Processor Count: 2
    RAM: 1014 Mb
    Graphics Card: Intel(R) Graphics Media Accelerator 500, 8 Mb
    Hard Drives: C: Total - 152617 MB, Free - 138660 MB;
    Motherboard: Dell Inc., 0R990K
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated: Yes, On-Demand Scanner: Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:24:23 PM, on 9/6/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\PersistenceThread.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly (User 'Default user')
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9350 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 20:30:38 on 2012-09-06
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.233 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\PersistenceThread.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\owner\application data\sandisk\SanDiskSecureAccess_Manager.exe
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{EF54FCB5-4CFE-48DA-8835-4A2349296318} : DhcpNameServer = 192.168.1.1 71.252.0.12
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\gjrvslbi.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-13 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 301248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152720]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-7 24652]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-19 935008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-15 135936]
    R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-6-15 5088416]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-15 110080]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-15 157696]
    S0 cerc6;cerc6; [x]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-21 167264]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-30 01:36:40 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2012-08-30 01:36:40 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-08-30 01:36:33 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-08-30 01:36:33 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-08-27 03:23:51 -------- d-----w- c:\documents and settings\owner\application data\SanDisk SecureAccess
    .
    ==================== Find3M ====================
    .
    2012-08-16 22:31:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-16 22:31:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2009-07-25 22:07:13 77976864 ----a-w- c:\program files\iTunesSetup.exe
    .
    ============= FINISH: 20:32:06.18 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-06 23:09:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-75ZCT2 rev.11.01A11
    Running: 0j7xvrdy.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\aweyipoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF760D87E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xEC6E3004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xEC6E30D4]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEC6E2D76]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF760DBFE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEC6E2E1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEC6E2EBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEC6E2F56]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0116B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0141B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  2. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    Still needing some help here? Please?
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,588
    Hiya


    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.






    Download and scan with SUPERAntiSpyware Free Edition for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Home" button to leave the control center screen.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click Scan your computer.
    • On the left, select all fixed drives.
    • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click View Scan Logs.
        [*]Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        [*]If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        [*]Please copy and paste the Scan Log results in your next reply.
      [*]Click Close to exit the program.


    Please include the MBAM log, SUPERAntiSpyware Scan Log and checkup.txt in your next reply

    eddie
     
  4. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    Here you go Eddie. Thanks for your help!

    Results of screen317's Security Check version 0.99.50
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG 2012
    AVG2012 successfully updated!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    SpywareBlaster 4.6
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 5%
    ````````````````````End of Log``````````````````````



    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.15.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: USER-4B9D1717EB [administrator]

    9/15/2012 5:30:52 PM
    mbam-log-2012-09-15 (17-30-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202527
    Time elapsed: 29 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/15/2012 at 08:06 PM

    Application Version : 5.5.1016

    Core Rules Database Version : 9236
    Trace Rules Database Version: 7048

    Scan type : Complete Scan
    Total Scan Time : 01:31:51

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 491
    Memory threats detected : 0
    Registry items scanned : 32004
    Registry threats detected : 0
    File items scanned : 54278
    File threats detected : 32

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /a1.interclick ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /adcenter.maltshovelmedia ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /ads.undertone ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /ads.webkinz ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /ar.atwola ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /at.atwola ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /atwola ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /burstnet ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /chitika ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /collective-media ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /dc.tremormedia ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /eyewonder ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /imrworldwide ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /interclick ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /media.mtvnservices ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /media6degrees ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /revsci ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /richmedia.yahoo ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /specificmedia ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /windowsmedia ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /www.burstbeacon ]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt [ /www.burstnet ]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt [ /www.countryinns ]
    C:\Documents and Settings\Owner\Cookies\C7S99J02.txt [ /ad.wsod.com ]
    C:\Documents and Settings\Owner\Cookies\FS53P0TB.txt [ /viewablemedia.net ]
    C:\Documents and Settings\Owner\Cookies\MK9JLW33.txt [ /yieldmanager.net ]
    C:\Documents and Settings\Owner\Cookies\2VXB8KVZ.txt [ /invitemedia.com ]
    C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\[email protected][8].txt [ Cookie:eek:[email protected]/foryourhome/myaccount/ ]
    C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\[email protected][5].txt [ Cookie:eek:[email protected]/media ]
    C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\[email protected][4].txt [ Cookie:eek:[email protected]/accounts/ ]
    C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\[email protected][9].txt [ Cookie:eek:[email protected]/vztracker/ ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GJRVSLBI.DEFAULT\COOKIES.SQLITE ]
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,588
    Looking at the Security Check, Flash is showing as up-to-date:

    Adobe Flash Player 11.4.402.265

    Are you getting the Flash direct from Adobe's site?

    -------------------

    Can you run the following tools, and copy/paste the logs that they produce here. If its over a few posts, that's fine :)


    Please download the latest version of TDSSKiller from here and save it to your Desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
      [​IMG]
    • Put a checkmark beside loaded modules.
      [​IMG]
    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.
      [​IMG]
    • Click the Start Scan button.
      [​IMG]
    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
      [​IMG]
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      [​IMG]
      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    --------------------------

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan
    [​IMG]

    On completion of the scan click save log, save it to your desktop and post in your next reply
    [​IMG]

    -------------------------

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  6. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    I could not get the Kaspersky link to execute at all when I clicked on it. Tried multiple times and continued getting the error message 404 Not Found nginx. I didn't proceed beyond this first instruction as I wasn't sure if the other instructions were dependent on the Kaspersky results?
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,588
    It was good to ask, as I prefer people to ask questions etc rather than stumble in the dark :)

    ---

    Okay, leave the aswmbr and tdsskiller for now, but can you run Combofix as mentioned above and post the log, and also this (after Combofix has finished):

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  8. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    Ok Eddie. Still a couple of questions. I was unable to determine how to disable my malwarebytes free edition or my spywareblaster. Was able to perform the other requested downloads but haven't run anything yet until I see what you suggest on these 2 issues?
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,588
    Its okay to run OTL with both MBAM free and spywareblaster enabled. I have blaster, and can run OTL just fine :)
     
  10. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    ComboFix 12-09-18.07 - Owner 09/20/2012 20:38:20.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.208 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\username123.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\system32\Cache
    c:\windows\system32\Cache\232da2cac9dfa7d2.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\a200a00cd6fa15fc.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-15 22:13 . 2012-09-15 22:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2012-09-15 22:09 . 2012-09-15 22:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2012-09-15 22:06 . 2012-09-15 22:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2012-09-15 22:06 . 2012-09-15 22:06 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2012-09-15 22:06 . 2012-09-15 22:23 -------- d-----w- c:\program files\Google
    2012-09-15 22:04 . 2012-09-15 22:06 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-15 22:04 . 2012-09-15 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-09-15 20:42 . 2012-09-15 20:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-08-30 01:36 . 2008-04-14 09:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2012-08-30 01:36 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2012-08-30 01:36 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-08-30 01:36 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-08-27 03:23 . 2012-08-27 03:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SanDisk SecureAccess
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-10 01:04 . 2012-04-03 00:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-10 01:04 . 2011-06-15 01:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-07 21:04 . 2010-02-16 00:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-24 19:43 . 2010-11-12 17:19 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-07-26 07:21 . 2010-12-08 08:12 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2009-06-15 12:13 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2009-07-25 22:07 . 2009-07-25 22:06 77976864 ----a-w- c:\program files\iTunesSetup.exe
    2012-09-15 20:42 . 2012-02-25 22:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-20 00:48 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-20 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-08-27 30705792]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-24 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-24 354840]
    "PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-24 92696]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-20 1107552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2012-06-03 663360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/13/2012 9:26 PM 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 237408]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 301920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/7/2009 11:40 PM 24652]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/19/2012 8:48 PM 935008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [6/15/2009 8:31 AM 135936]
    R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [6/15/2009 9:22 AM 5088416]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/15/2009 9:22 AM 110080]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/15/2009 8:55 AM 157696]
    S0 cerc6;cerc6; [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/15/2012 6:07 PM 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152720]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:04 PM 250568]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/21/2011 7:39 PM 167264]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/15/2012 6:07 PM 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/5/2012 10:58 PM 114144]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 16:06]
    .
    2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:04]
    .
    2011-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-15 22:06]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-15 22:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gjrvslbi.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    Notify-NavLogon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-20 20:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-09-20 20:55:27
    ComboFix-quarantined-files.txt 2012-09-21 00:55
    .
    Pre-Run: 144,362,393,600 bytes free
    Post-Run: 146,516,459,520 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 2F9C1681E252C3BEA1D6C14F64A32C2D
     
  11. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    OTL Extras logfile created on: 9/20/2012 9:05:44 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.20 Mb Total Physical Memory | 468.43 Mb Available Physical Memory | 46.19% Memory free
    2.38 Gb Paging File | 1.51 Gb Available in Paging File | 63.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 136.49 Gb Free Space | 91.58% Space Free | Partition Type: NTFS

    Computer Name: USER-4B9D1717EB | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AVG" = AVG 2012
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "Dell Webcam Central" = Dell Webcam Central
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "LPCO" = Intel(R) Graphics Media Accelerator 500
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WMFDist11" = Windows Media Format 11 runtime
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/8/2012 5:43:25 PM | Computer Name = USER-4B9D1717EB | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4265

    Error - 9/9/2012 8:55:55 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/13/2012 8:42:06 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/15/2012 4:46:18 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/15/2012 4:46:29 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1001
    Description = Fault bucket -1150946237.

    Error - 9/17/2012 7:20:24 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:09:48 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:10:00 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:18:33 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/20/2012 8:19:04 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1001
    Description = Fault bucket -1150946237.

    [ System Events ]
    Error - 7/20/2012 9:28:15 PM | Computer Name = USER-4B9D1717EB | Source = Service Control Manager | ID = 7034
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 7/24/2012 10:04:23 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 10.0.0.70 on the
    Network
    Card with network address 00225F79CCEE.

    Error - 8/20/2012 11:27:58 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.102 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/30/2012 7:10:29 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.11 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/30/2012 11:10:10 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.10.134 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/31/2012 6:29:43 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.11 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 172.17.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 9/6/2012 8:42:56 PM | Computer Name = USER-4B9D1717EB | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 9/15/2012 8:26:40 PM | Computer Name = USER-4B9D1717EB | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 9/20/2012 8:07:04 PM | Computer Name = USER-4B9D1717EB | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 9/20/2012 8:37:49 PM | Computer Name = USER-4B9D1717EB | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  12. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    OTL Extras logfile created on: 9/20/2012 9:05:44 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.20 Mb Total Physical Memory | 468.43 Mb Available Physical Memory | 46.19% Memory free
    2.38 Gb Paging File | 1.51 Gb Available in Paging File | 63.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 136.49 Gb Free Space | 91.58% Space Free | Partition Type: NTFS

    Computer Name: USER-4B9D1717EB | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AVG" = AVG 2012
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "Dell Webcam Central" = Dell Webcam Central
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "LPCO" = Intel(R) Graphics Media Accelerator 500
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WMFDist11" = Windows Media Format 11 runtime
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/8/2012 5:43:25 PM | Computer Name = USER-4B9D1717EB | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4265

    Error - 9/9/2012 8:55:55 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/13/2012 8:42:06 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/15/2012 4:46:18 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/15/2012 4:46:29 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1001
    Description = Fault bucket -1150946237.

    Error - 9/17/2012 7:20:24 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:09:48 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:10:00 PM | Computer Name = USER-4B9D1717EB | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 9/20/2012 8:18:33 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 15.0.1.4631, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/20/2012 8:19:04 PM | Computer Name = USER-4B9D1717EB | Source = Application Hang | ID = 1001
    Description = Fault bucket -1150946237.

    [ System Events ]
    Error - 7/20/2012 9:28:15 PM | Computer Name = USER-4B9D1717EB | Source = Service Control Manager | ID = 7034
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 7/24/2012 10:04:23 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 10.0.0.70 on the
    Network
    Card with network address 00225F79CCEE.

    Error - 8/20/2012 11:27:58 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.102 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/30/2012 7:10:29 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.11 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/30/2012 11:10:10 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.10.134 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/31/2012 6:29:43 PM | Computer Name = USER-4B9D1717EB | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.11 for the Network Card with network
    address 00225F79CCEE has been denied by the DHCP server 172.17.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 9/6/2012 8:42:56 PM | Computer Name = USER-4B9D1717EB | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 9/15/2012 8:26:40 PM | Computer Name = USER-4B9D1717EB | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 9/20/2012 8:07:04 PM | Computer Name = USER-4B9D1717EB | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 9/20/2012 8:37:49 PM | Computer Name = USER-4B9D1717EB | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  13. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    Sorry Eddie, I think I posted the Extras.Txt log twice. This should be the OTL log.

    Also I think I resolved the Flash Player issue. It downloaded and installed properly from the Adobe site after I disabled my AVG antivirus.


    OTL logfile created on: 9/20/2012 9:05:44 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.20 Mb Total Physical Memory | 468.43 Mb Available Physical Memory | 46.19% Memory free
    2.38 Gb Paging File | 1.51 Gb Available in Paging File | 63.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 136.49 Gb Free Space | 91.58% Space Free | Partition Type: NTFS

    Computer Name: USER-4B9D1717EB | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/20 20:24:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2012/09/06 16:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/19 20:48:49 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/19 20:48:05 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2009/02/23 09:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/12/24 09:22:02 | 000,092,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
    PRC - [2008/11/11 11:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/20 20:09:40 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/09/20 20:09:40 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/09/15 18:16:28 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/09/15 18:15:39 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/07/19 20:48:57 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
    MOD - [2012/07/19 20:48:49 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    MOD - [2012/07/19 20:48:05 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/11/26 11:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2008/11/26 11:39:16 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/09/15 16:42:44 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/09 21:04:41 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/19 20:48:49 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/06/02 23:40:06 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/12/11 17:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/11/26 11:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/10/28 10:48:04 | 000,135,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV - [2008/09/25 21:51:42 | 000,115,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/26 18:57:14 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV - [2008/07/30 08:44:18 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\SearchScopes,DefaultScope = {435DB65F-DBB8-4616-9457-5946F74FBF89}
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\SearchScopes\{435DB65F-DBB8-4616-9457-5946F74FBF89}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E414414D-3607-41F2-9C56-02E512C32722}&mid=d8bf564a495947d6a84fd16b199d251d-9380c6562bbb23578a2c1057b5b75165dfbde5f3&lang=us&ds=AVG&pr=fr&d=2011-12-14 20:27:56&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\..\SearchScopes\{D005214B-83E3-4A6F-AB03-F1CD030E7FBE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: [email protected]:7
    FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..extensions.enabledItems: [email protected]:7.007.026.001
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/15 17:08:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/01 20:52:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/19 20:50:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/05 22:12:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/15 16:42:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 17:37:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/11/07 20:19:43 | 000,000,000 | ---D | M]

    [2009/07/07 22:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/05/04 18:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gjrvslbi.default\extensions
    [2011/11/25 21:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/07 20:19:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
    [2012/07/05 22:12:04 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/09/15 16:42:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2012/07/19 20:48:00 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/15 16:42:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/15 16:42:40 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

    O1 HOSTS File: ([2012/09/20 20:51:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF54FCB5-4CFE-48DA-8835-4A2349296318}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/15 08:19:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/20 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/09/20 20:35:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/09/20 20:33:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/09/20 20:33:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/09/20 20:33:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/09/20 20:33:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/09/20 20:32:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/20 20:32:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/09/20 20:24:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/09/19 21:40:13 | 004,752,754 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\username123.exe
    [2012/09/15 18:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    [2012/09/15 18:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2012/09/15 18:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2012/09/15 18:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2012/09/15 18:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2012/09/15 18:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/09/15 18:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/09/15 18:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/09/15 18:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/09/15 18:01:37 | 020,435,736 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2012/09/15 17:26:35 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/15 17:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2012/09/06 20:30:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/09/06 20:30:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
    [2012/09/06 20:30:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
    [2012/09/06 20:23:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    [2012/08/26 23:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
    [2009/07/25 18:06:01 | 077,976,864 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/20 20:51:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/09/20 20:35:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/09/20 20:30:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/20 20:24:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2012/09/20 20:16:10 | 095,346,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/09/20 20:09:21 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012/09/20 20:09:21 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012/09/20 20:07:20 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012/09/20 20:06:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/20 20:06:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/19 22:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/19 21:40:35 | 004,752,754 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\username123.exe
    [2012/09/19 21:13:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/15 18:22:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/09/15 18:22:38 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/15 18:05:35 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/09/15 18:01:45 | 020,435,736 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2012/09/15 17:28:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 17:26:39 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/09/15 17:09:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/09/15 16:50:45 | 000,854,156 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/09/06 20:37:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0j7xvrdy.exe
    [2012/09/06 20:30:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
    [2012/09/06 20:23:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/20 20:35:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/09/20 20:35:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/09/20 20:33:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/09/20 20:33:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/09/20 20:33:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/09/20 20:33:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/09/20 20:33:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/09/15 18:22:38 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/09/15 18:22:38 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/09/15 18:08:26 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/15 18:08:25 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/15 18:05:35 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/09/15 17:28:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 16:50:44 | 000,854,156 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
    [2012/09/06 20:37:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0j7xvrdy.exe
    [2012/07/25 22:49:18 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
    [2012/07/05 23:14:31 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/16 21:31:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012/03/16 21:31:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012/02/16 22:17:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/25 21:16:30 | 000,029,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/07/07 21:21:47 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

    ========== ZeroAccess Check ==========


    ========== LOP Check ==========

    [2009/07/07 23:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2012/07/19 20:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2011/08/20 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2012/06/02 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/05/04 19:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
    [2012/05/04 19:26:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2012/05/04 19:29:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
    [2011/03/25 21:44:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/09/20 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/07/07 23:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/08/22 17:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/07/25 18:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/12/24 15:06:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2011/12/15 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
    [2011/03/25 21:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
    [2012/06/02 22:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012
    [2012/09/19 21:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
    [2012/08/26 23:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
    [2009/07/07 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >
    [2012/06/02 22:47:15 | 000,000,000 | ---D | M] -- C:\$AVG
    [2012/09/20 20:35:53 | 000,000,000 | RHSD | M] -- C:\cmdcons
    [2012/09/19 21:20:13 | 000,000,000 | ---D | M] -- C:\Config.Msi
    [2012/07/05 23:14:27 | 000,000,000 | ---D | M] -- C:\DELL
    [2009/06/15 08:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings
    [2012/09/19 21:35:40 | 000,000,000 | R--D | M] -- C:\Program Files
    [2012/09/20 20:55:36 | 000,000,000 | ---D | M] -- C:\Qoobox
    [2009/06/15 08:28:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
    [2012/09/20 20:55:33 | 000,000,000 | ---D | M] -- C:\WINDOWS

    < %PROGRAMFILES%\*.exe >
    [2009/07/25 18:07:13 | 077,976,864 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    Invalid Environment Variable: LOCALAPPDATA

    < %windir%\Installer\*.* >
    [2012/09/15 17:09:21 | 005,174,272 | ---- | M] () -- C:\WINDOWS\Installer\116526.msi
    [2012/02/22 15:17:30 | 002,221,568 | R--- | M] () -- C:\WINDOWS\Installer\11aa6e2.msp
    [2011/09/06 20:05:12 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\124e5b.msi
    [2011/09/06 20:07:16 | 002,295,808 | ---- | M] () -- C:\WINDOWS\Installer\124e60.msi
    [2009/04/04 07:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\130658.msp
    [2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\130664.msp
    [2009/04/04 07:35:48 | 036,977,152 | R--- | M] () -- C:\WINDOWS\Installer\13066e.msp
    [2012/07/18 15:53:36 | 010,937,344 | R--- | M] () -- C:\WINDOWS\Installer\13a03e6.msp
    [2012/06/26 18:03:12 | 003,875,840 | R--- | M] () -- C:\WINDOWS\Installer\13a03f2.msp
    [2009/06/15 09:41:33 | 008,440,832 | ---- | M] () -- C:\WINDOWS\Installer\1425ac.msi
    [2009/06/15 09:48:05 | 000,360,448 | ---- | M] () -- C:\WINDOWS\Installer\1425b1.msi
    [2009/06/15 09:48:21 | 000,355,840 | ---- | M] () -- C:\WINDOWS\Installer\1425b6.msi
    [2012/09/19 21:39:18 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\17be14.msi
    [2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\18e9cc3.msp
    [2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\18e9ccf.msp
    [2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\WINDOWS\Installer\18e9cd7.msp
    [2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\18e9cdf.msp
    [2011/09/03 16:30:04 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\1c0d6d.msi
    [2010/11/24 10:51:00 | 002,190,336 | R--- | M] () -- C:\WINDOWS\Installer\1c0d83.msp
    [2009/04/04 07:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\1c0d9f.msp
    [2011/09/03 16:32:18 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\1c0da5.msi
    [2008/08/11 11:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\1c0dac.msp
    [2009/04/04 07:35:48 | 036,977,152 | R--- | M] () -- C:\WINDOWS\Installer\1c0db6.msp
    [2011/09/03 16:33:59 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\1c0dbd.msi
    [2010/11/24 10:51:00 | 002,190,336 | R--- | M] () -- C:\WINDOWS\Installer\215d7.msp
    [2009/04/04 07:35:30 | 038,325,760 | ---- | M] () -- C:\WINDOWS\Installer\215d8.msp
    [2009/07/07 23:40:31 | 000,122,880 | ---- | M] () -- C:\WINDOWS\Installer\23fdd4.msi
    [2012/01/03 13:58:05 | 015,929,344 | R--- | M] () -- C:\WINDOWS\Installer\25345d.msp
    [2009/07/07 22:07:29 | 000,236,032 | ---- | M] () -- C:\WINDOWS\Installer\302276.msi
    [2011/04/29 12:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\3f813.msp
    [2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\WINDOWS\Installer\3f81f.msp
    [2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\3f827.msp
    [2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\3f833.msp
    [2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\3f83b.msp
    [2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\3f847.msp
    [2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\3f84f.msp
    [2012/04/02 20:55:45 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\402905.msi
    [2012/04/02 20:58:00 | 001,718,784 | ---- | M] () -- C:\WINDOWS\Installer\402953.msi
    [2012/04/02 21:14:57 | 004,288,000 | ---- | M] () -- C:\WINDOWS\Installer\4034dc.msi
    [2012/09/19 21:19:46 | 002,208,768 | ---- | M] () -- C:\WINDOWS\Installer\484d2.msi
    [2012/04/04 09:32:41 | 016,613,376 | R--- | M] () -- C:\WINDOWS\Installer\486a4.msp
    [2009/06/15 08:29:03 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\49422.msi
    [2011/09/26 19:40:07 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\52fb79.msi
    [2011/08/27 19:16:18 | 020,333,056 | R--- | M] () -- C:\WINDOWS\Installer\666d5.msp
    [2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\6f7f5.msp
    [2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\6f7fd.msp
    [2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\6f809.msp
    [2011/09/05 18:01:26 | 013,135,872 | R--- | M] () -- C:\WINDOWS\Installer\a288825.msp
    [2011/03/25 21:41:28 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\b09f0.msi
    [2011/11/11 17:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\be3988.msp
    [2011/11/01 14:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\be3990.msp
    [2011/11/01 14:34:28 | 002,247,168 | R--- | M] () -- C:\WINDOWS\Installer\be399c.msp
    [2011/11/01 14:34:30 | 001,552,384 | R--- | M] () -- C:\WINDOWS\Installer\bfb79d.msp
    [2011/04/29 12:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\c5a02.msp
    [2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\WINDOWS\Installer\c5a0e.msp
    [2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\c5a16.msp
    [2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\c5a22.msp
    [2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\c5a2a.msp
    [2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\c5a36.msp
    [2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\c5a3e.msp
    [2011/09/15 19:37:40 | 037,148,160 | R--- | M] () -- C:\WINDOWS\Installer\ccfec.msp
    [2011/09/15 19:37:32 | 038,176,256 | R--- | M] () -- C:\WINDOWS\Installer\cd005.msp
    [2009/06/15 08:50:45 | 008,691,712 | ---- | M] () -- C:\WINDOWS\Installer\d5633.msi
    [2012/03/13 21:26:16 | 006,976,512 | ---- | M] () -- C:\WINDOWS\Installer\de462.msi
    [2012/07/27 21:47:34 | 013,123,584 | R--- | M] () -- C:\WINDOWS\Installer\e0f87.msp
    [2011/10/30 21:22:07 | 002,002,432 | ---- | M] () -- C:\WINDOWS\Installer\f16c7.msi
    [2011/10/30 21:38:40 | 003,470,848 | ---- | M] () -- C:\WINDOWS\Installer\f21ca.msi
    [2011/10/30 21:42:00 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\f2499.msi
    [2010/08/22 16:52:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{85991ED2-010C-4930-96FA-52F43C2CE98A}.SchedServiceConfig.rmi
    [2011/10/30 21:24:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}.SchedServiceConfig.rmi
    [2011/09/26 19:39:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C23CD6DA-1958-43A5-ADD0-59396572E02E}.SchedServiceConfig.rmi
    [2009/07/25 18:16:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
    [2012/04/02 20:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi

    < %windir%\system32\tasks\*.* >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
    [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: REGEDIT.EXE >
    [2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\erdnt\cache\regedit.exe
    [2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
    [2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
    [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < C:\Windows\assembly\tmp\U\*.* /s >
    [2009/06/15 08:17:02 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/06/15 08:28:30 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/07/07 22:19:33 | 000,000,486 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/08/28 12:17:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2012/04/02 20:04:26 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012/09/15 18:08:25 | 000,000,880 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/15 18:08:26 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < type c:\diskreport.txt /c >
    Microsoft DiskPart version 5.1.3565
    Copyright (C) 1999-2003 Microsoft Corporation.
    On computer: USER-4B9D1717EB
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    Volume 0 C NTFS Partition 149 GB Healthy System

    < End of report >
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,588
    Good to hear (y)

    Also, there's not much sign of malware, but we'll clean up what we can, to make it smoother for you :)


    Can you uninstall this via either Start | Programs or AddRemove Programs in the Control Panel:

    Viewpoint Media Player

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
      SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
      SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
      [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
      CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1343024091-1275210071-1935655697-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
      ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
      ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2009/07/07 23:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.
     
  15. Techzip22

    Techzip22 Thread Starter

    Joined:
    Feb 15, 2010
    Messages:
    56
    Glad to hear that there is not much malware...still wondering what is causing the browser openings to be so slow? It is taking almost 2 minutes or more for any of my browsers to open.

    Thanks Eddie!


    ========== OTL ==========
    No active process named ViewpointService.exe was found!
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    File %SystemRoot%\System32\appmgmts.dll not found.
    Error: No service named Viewpoint Manager Service was found to stop!
    Service\Driver key Viewpoint Manager Service not found.
    File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service USBCCID stopped successfully!
    Service USBCCID deleted successfully!
    File system32\DRIVERS\Rts5161ccid.sys not found.
    Service Rts516xIR stopped successfully!
    Service Rts516xIR deleted successfully!
    File system32\DRIVERS\Rts516xIR.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Error: No service named mbr was found to stop!
    Service\Driver key mbr not found.
    File C:\username123\mbr.sys not found.
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service cerc6 stopped successfully!
    Service cerc6 deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
    File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
    File C:\Program Files\mozilla firefox\plugins\npViewpoint.dll not found.
    File C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-1343024091-1275210071-1935655697-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 1045098 bytes
    ->Temporary Internet Files folder emptied: 9463477 bytes
    ->FireFox cache emptied: 91851934 bytes
    ->Google Chrome cache emptied: 46294410 bytes
    ->Apple Safari cache emptied: 13649920 bytes
    ->Flash cache emptied: 676 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2410774 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 157.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.64.0 log created on 09232012_210035

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1068006

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice