|
-
April 14th, 2014, 10:07 PM
#16
1. Please open Notepad (Start>All Programs>Accessories>Notepad).
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
SecCenter::
{00000000-0000-0000-0000-000000000000}
{804E5358-FFA4-00D2-0D24-347CA8A3377C}
{AD166499-45F9-482A-A743-FDD3350758C7}
File::
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\system32\drivers\avkmgr.sys
Folder::
c:\documents and settings\Donna\Application Data\Avira
c:\documents and settings\LocalService\Application Data\Avira
c:\program files\Avira
c:\documents and settings\All Users\Application Data\Avira
Driver::
avgtp
avkmgr
AntiVirSchedulerService
AntiVirWebService
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=-
At::
ClearJavaCache::
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
-
April 15th, 2014, 04:57 PM
#17
I could not get rid of Avair, but it seems like maybe you did. My Avast has timed out so I currently believe I have no antivirus. Let me know when I can put back Avast, since that is easier to control. New log below Thank you
ComboFix 14-04-09.02 - Donna 04/15/2014 15:41:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.532 [GMT -4:00]
Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donna\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}
.
FILE ::
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\system32\drivers\avkmgr.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Avira
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INI
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\avguard_tchk.dbe
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavid2.dat
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavid2.dat_1
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavid2.dat_2
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\IDX\master.idx
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\IPM\IpmDocument.html
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\IPM\IpmMessages.xml
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\IPM\IpmTemplate.xml
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS\146bb2be.avj
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS\produpd.avj
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS\scanjob.avj
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS\startupd.avj
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS\updjob.avj
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\avesvc.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\avguard.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20140414-144022-968DB38B.LOG
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\avwsc.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\sched.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\setup.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-07-11-21-46.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-08-15-21-47.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-10-08-04-32.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-10-14-03-12.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-11-15-37-48.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-14-14-38-11.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\Upd-2014-04-15-14-55-30.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\1890b068.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\22e6aca4.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\2ca63733.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\3bca945d.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\84bd0931.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\8a890483.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\b7b40022.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\d2d0b9d8.avl
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\CCGEN_53468a72\bc93a8b9.htm
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\CCGEN_53468a72\HTMLFILEDLG00000000DA6B3152.HTM
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(1132).tmp
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(272).tmp
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(320).tmp
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(324).tmp
c:\documents and settings\Donna\Application Data\Avira
c:\documents and settings\LocalService\Application Data\Avira
c:\program files\Avira
c:\program files\Avira\AntiVir Desktop\about.htm
c:\program files\Avira\AntiVir Desktop\aebb.dll
c:\program files\Avira\AntiVir Desktop\aecore.dll
c:\program files\Avira\AntiVir Desktop\aecrypto.dll
c:\program files\Avira\AntiVir Desktop\aedroid.dll
c:\program files\Avira\AntiVir Desktop\aeemu.dll
c:\program files\Avira\AntiVir Desktop\aeexp.dll
c:\program files\Avira\AntiVir Desktop\aegen.dll
c:\program files\Avira\AntiVir Desktop\aehelp.dll
c:\program files\Avira\AntiVir Desktop\aeheur.dll
c:\program files\Avira\AntiVir Desktop\aelibinf.dll
c:\program files\Avira\AntiVir Desktop\aelidb.dat
c:\program files\Avira\AntiVir Desktop\aemobile.dll
c:\program files\Avira\AntiVir Desktop\aeoffice.dll
c:\program files\Avira\AntiVir Desktop\aepack.dll
c:\program files\Avira\AntiVir Desktop\aerdl.dll
c:\program files\Avira\AntiVir Desktop\aesbx.dll
c:\program files\Avira\AntiVir Desktop\aescn.dll
c:\program files\Avira\AntiVir Desktop\aescript.dll
c:\program files\Avira\AntiVir Desktop\aeset.dat
c:\program files\Avira\AntiVir Desktop\aevdf.dat
c:\program files\Avira\AntiVir Desktop\aevdf.dll
c:\program files\Avira\AntiVir Desktop\alert_level.gif
c:\program files\Avira\AntiVir Desktop\alertcat.htm
c:\program files\Avira\AntiVir Desktop\alerttyp.htm
c:\program files\Avira\AntiVir Desktop\alertvir.htm
c:\program files\Avira\AntiVir Desktop\alldiscs.avp
c:\program files\Avira\AntiVir Desktop\alldrives.avp
c:\program files\Avira\AntiVir Desktop\android.html
c:\program files\Avira\AntiVir Desktop\android_bg_bl.jpg
c:\program files\Avira\AntiVir Desktop\android_bg_br.jpg
c:\program files\Avira\AntiVir Desktop\android_bg_ml.jpg
c:\program files\Avira\AntiVir Desktop\android_bg_mr.jpg
c:\program files\Avira\AntiVir Desktop\android_bg_tl.jpg
c:\program files\Avira\AntiVir Desktop\android_bg_tr.jpg
c:\program files\Avira\AntiVir Desktop\android_btn_gray_hover.gif
c:\program files\Avira\AntiVir Desktop\android_btn_gray_normal.gif
c:\program files\Avira\AntiVir Desktop\android_phone.gif
c:\program files\Avira\AntiVir Desktop\android_red_arrow.gif
c:\program files\Avira\AntiVir Desktop\android_video.gif
c:\program files\Avira\AntiVir Desktop\antivir.oem
c:\program files\Avira\AntiVir Desktop\antivir0.rdf
c:\program files\Avira\AntiVir Desktop\apcfile.dll
c:\program files\Avira\AntiVir Desktop\auccert.crt
c:\program files\Avira\AntiVir Desktop\avacl.dll
c:\program files\Avira\AntiVir Desktop\avarkt.dll
c:\program files\Avira\AntiVir Desktop\avbb.dll
c:\program files\Avira\AntiVir Desktop\avcenter.exe
c:\program files\Avira\AntiVir Desktop\avconfig.cpl
c:\program files\Avira\AntiVir Desktop\avconfig.dll
c:\program files\Avira\AntiVir Desktop\avconfig.exe
c:\program files\Avira\AntiVir Desktop\avconfigrc.dll
c:\program files\Avira\AntiVir Desktop\avesvc.dll
c:\program files\Avira\AntiVir Desktop\avesvcr.dll
c:\program files\Avira\AntiVir Desktop\avevtlog.dll
c:\program files\Avira\AntiVir Desktop\avevtrc.dll
c:\program files\Avira\AntiVir Desktop\avgio.dll
c:\program files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\Avira\AntiVir Desktop\avgntflt.cat
c:\program files\Avira\AntiVir Desktop\avgntflt.inf
c:\program files\Avira\AntiVir Desktop\avgntflt.sys
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avguard.xml
c:\program files\Avira\AntiVir Desktop\avinet.dll
c:\program files\Avira\AntiVir Desktop\avipbb.cat
c:\program files\Avira\AntiVir Desktop\avipbb.inf
c:\program files\Avira\AntiVir Desktop\avipbb.sys
c:\program files\Avira\AntiVir Desktop\avipc.dll
c:\program files\Avira\AntiVir Desktop\avira-sparberater-win.msi
c:\program files\Avira\AntiVir Desktop\avkmgr.cat
c:\program files\Avira\AntiVir Desktop\avkmgr.inf
c:\program files\Avira\AntiVir Desktop\avkmgr.sys
c:\program files\Avira\AntiVir Desktop\avlode.dll
c:\program files\Avira\AntiVir Desktop\avlode.rdf
c:\program files\Avira\AntiVir Desktop\avmres.dll
c:\program files\Avira\AntiVir Desktop\avnotify.dll
c:\program files\Avira\AntiVir Desktop\avnotify.exe
c:\program files\Avira\AntiVir Desktop\avpref.dll
c:\program files\Avira\AntiVir Desktop\avreg.dll
c:\program files\Avira\AntiVir Desktop\avreg.yml
c:\program files\Avira\AntiVir Desktop\avrep.dll
c:\program files\Avira\AntiVir Desktop\avrestart.exe
c:\program files\Avira\AntiVir Desktop\avscan.dat
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\program files\Avira\AntiVir Desktop\avscanrc.dll
c:\program files\Avira\AntiVir Desktop\avscplr.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Avira\AntiVir Desktop\avsda64.dll
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\avsmtp.dll
c:\program files\Avira\AntiVir Desktop\avupgsvc.exe
c:\program files\Avira\AntiVir Desktop\avwebgrc.dll
c:\program files\Avira\AntiVir Desktop\avwebgrd.exe
c:\program files\Avira\AntiVir Desktop\avwebloader.dll
c:\program files\Avira\AntiVir Desktop\avwebloader.exe
c:\program files\Avira\AntiVir Desktop\avwebloadergui.dll
c:\program files\Avira\AntiVir Desktop\avwin.chm
c:\program files\Avira\AntiVir Desktop\avwinll.dll
c:\program files\Avira\AntiVir Desktop\avwmi.dll
c:\program files\Avira\AntiVir Desktop\avwsc.exe
c:\program files\Avira\AntiVir Desktop\bg_b.jpg
c:\program files\Avira\AntiVir Desktop\bg_bl.jpg
c:\program files\Avira\AntiVir Desktop\bg_br.jpg
c:\program files\Avira\AntiVir Desktop\bg_m.jpg
c:\program files\Avira\AntiVir Desktop\bg_ml.jpg
c:\program files\Avira\AntiVir Desktop\bg_mr.jpg
c:\program files\Avira\AntiVir Desktop\bg_t.jpg
c:\program files\Avira\AntiVir Desktop\bg_tl.jpg
c:\program files\Avira\AntiVir Desktop\bg_tr.jpg
c:\program files\Avira\AntiVir Desktop\btn_gray_hover.gif
c:\program files\Avira\AntiVir Desktop\btn_gray_normal.gif
c:\program files\Avira\AntiVir Desktop\build.dat
c:\program files\Avira\AntiVir Desktop\cacert.crt
c:\program files\Avira\AntiVir Desktop\ccavscanex.dll
c:\program files\Avira\AntiVir Desktop\ccavscanexrc.dll
c:\program files\Avira\AntiVir Desktop\ccev.dll
c:\program files\Avira\AntiVir Desktop\ccevrc.dll
c:\program files\Avira\AntiVir Desktop\ccevw.dll
c:\program files\Avira\AntiVir Desktop\ccfwmgt.dll
c:\program files\Avira\AntiVir Desktop\ccfwmgtrc.dll
c:\program files\Avira\AntiVir Desktop\ccgen.dll
c:\program files\Avira\AntiVir Desktop\ccgenrc.dll
c:\program files\Avira\AntiVir Desktop\ccgenw.dll
c:\program files\Avira\AntiVir Desktop\ccgrdrc.dll
c:\program files\Avira\AntiVir Desktop\ccgrdw.dll
c:\program files\Avira\AntiVir Desktop\ccguard.dll
c:\program files\Avira\AntiVir Desktop\cchips.dll
c:\program files\Avira\AntiVir Desktop\cchipsrc.dll
c:\program files\Avira\AntiVir Desktop\cclic.dll
c:\program files\Avira\AntiVir Desktop\cclicrc.dll
c:\program files\Avira\AntiVir Desktop\cclicw.dll
c:\program files\Avira\AntiVir Desktop\ccmainrc.dll
c:\program files\Avira\AntiVir Desktop\ccmsg.dll
c:\program files\Avira\AntiVir Desktop\ccmsgrc.dll
c:\program files\Avira\AntiVir Desktop\ccplg.xml
c:\program files\Avira\AntiVir Desktop\ccprofil.dll
c:\program files\Avira\AntiVir Desktop\ccquamgr.dll
c:\program files\Avira\AntiVir Desktop\ccquarc.dll
c:\program files\Avira\AntiVir Desktop\ccquaw.dll
c:\program files\Avira\AntiVir Desktop\ccreporc.dll
c:\program files\Avira\AntiVir Desktop\ccreport.dll
c:\program files\Avira\AntiVir Desktop\ccrepow.dll
c:\program files\Avira\AntiVir Desktop\ccscanrc.dll
c:\program files\Avira\AntiVir Desktop\ccscanw.dll
c:\program files\Avira\AntiVir Desktop\ccsched.dll
c:\program files\Avira\AntiVir Desktop\ccschedw.dll
c:\program files\Avira\AntiVir Desktop\ccscherc.dll
c:\program files\Avira\AntiVir Desktop\ccuac.exe
c:\program files\Avira\AntiVir Desktop\ccupdate.dll
c:\program files\Avira\AntiVir Desktop\ccupdrc.dll
c:\program files\Avira\AntiVir Desktop\ccupdw.dll
c:\program files\Avira\AntiVir Desktop\ccwebtabs.dll
c:\program files\Avira\AntiVir Desktop\ccwebtabsrc.dll
c:\program files\Avira\AntiVir Desktop\ccwgrd.dll
c:\program files\Avira\AntiVir Desktop\ccwgrdrc.dll
c:\program files\Avira\AntiVir Desktop\ccwgrdw.dll
c:\program files\Avira\AntiVir Desktop\ccwkrlib.dll
c:\program files\Avira\AntiVir Desktop\cfglib.dll
c:\program files\Avira\AntiVir Desktop\cfgprofile.dll
c:\program files\Avira\AntiVir Desktop\checkt.exe
c:\program files\Avira\AntiVir Desktop\default.wav
c:\program files\Avira\AntiVir Desktop\defaults.ini
c:\program files\Avira\AntiVir Desktop\extdlgfw.dll
c:\program files\Avira\AntiVir Desktop\fact.exe
c:\program files\Avira\AntiVir Desktop\factrc.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aebb.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aecore.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aecrypto.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aedroid.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeemu.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeexp.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aegen.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aehelp.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aelibinf.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aelidb.dat
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aemobile.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeoffice.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aepack.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aerdl.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aesbx.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescn.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescript.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeset.dat
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aevdf.dat
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aevdf.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\unacev2.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase000.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase001.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase002.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase003.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase004.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase005.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase006.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase007.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase008.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase009.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase010.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase011.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase012.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase013.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase014.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase015.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase016.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase017.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase018.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase019.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase020.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase021.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase022.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase023.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase024.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase025.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase026.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase027.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase028.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase029.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase030.vdf
c:\program files\Avira\AntiVir Desktop\FAILSAFE\vbase031.vdf
c:\program files\Avira\AntiVir Desktop\firewall.dll
c:\program files\Avira\AntiVir Desktop\gavid.xsl
c:\program files\Avira\AntiVir Desktop\gavidb.dll
c:\program files\Avira\AntiVir Desktop\gpavgio.dll
c:\program files\Avira\AntiVir Desktop\gpevtlog.dll
c:\program files\Avira\AntiVir Desktop\gpgavid.dll
c:\program files\Avira\AntiVir Desktop\gpgen.dll
c:\program files\Avira\AntiVir Desktop\gpgenrep.dll
c:\program files\Avira\AntiVir Desktop\gpgrd.dll
c:\program files\Avira\AntiVir Desktop\gpgui.dll
c:\program files\Avira\AntiVir Desktop\gpipc.dll
c:\program files\Avira\AntiVir Desktop\gplegacy.dll
c:\program files\Avira\AntiVir Desktop\gpschd.dll
c:\program files\Avira\AntiVir Desktop\grdcore.dll
c:\program files\Avira\AntiVir Desktop\guardgui.exe
c:\program files\Avira\AntiVir Desktop\guardmsg.dll
c:\program files\Avira\AntiVir Desktop\hbedv.key
c:\program files\Avira\AntiVir Desktop\inetset.bin
c:\program files\Avira\AntiVir Desktop\ipmgui.exe
c:\program files\Avira\AntiVir Desktop\libapr-1.dll
c:\program files\Avira\AntiVir Desktop\libapriconv-1.dll
c:\program files\Avira\AntiVir Desktop\libaprutil-1.dll
c:\program files\Avira\AntiVir Desktop\libcurl.dll
c:\program files\Avira\AntiVir Desktop\libdb44.dll
c:\program files\Avira\AntiVir Desktop\libdb53.dll
c:\program files\Avira\AntiVir Desktop\libeay32.dll
c:\program files\Avira\AntiVir Desktop\licmgr.dll
c:\program files\Avira\AntiVir Desktop\licmgr.exe
c:\program files\Avira\AntiVir Desktop\luke.dll
c:\program files\Avira\AntiVir Desktop\lukeres.dll
c:\program files\Avira\AntiVir Desktop\mgrs.dll
c:\program files\Avira\AntiVir Desktop\msgclient.dll
c:\program files\Avira\AntiVir Desktop\mydocs.avp
c:\program files\Avira\AntiVir Desktop\netnt.dll
c:\program files\Avira\AntiVir Desktop\offercast_avirav7_.exe
c:\program files\Avira\AntiVir Desktop\onlcfg.dll
c:\program files\Avira\AntiVir Desktop\prefix_msg.avr
c:\program files\Avira\AntiVir Desktop\process.avp
c:\program files\Avira\AntiVir Desktop\prodinfo.dat
c:\program files\Avira\AntiVir Desktop\productutilities.dll
c:\program files\Avira\AntiVir Desktop\quicksysscan.avp
c:\program files\Avira\AntiVir Desktop\rchelp.dll
c:\program files\Avira\AntiVir Desktop\rcimage.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_ar.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_de.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_en.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_es.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_fr.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_it.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_jp.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_ko.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_nl.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_pt.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_ru.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_tr.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_zhcn.dll
c:\program files\Avira\AntiVir Desktop\rcnwload_zhtw.dll
c:\program files\Avira\AntiVir Desktop\rctext.dll
c:\program files\Avira\AntiVir Desktop\rdf.dll
c:\program files\Avira\AntiVir Desktop\red_arrow.gif
c:\program files\Avira\AntiVir Desktop\repair.dll
c:\program files\Avira\AntiVir Desktop\repair.rdf
c:\program files\Avira\AntiVir Desktop\restartrc.dll
c:\program files\Avira\AntiVir Desktop\rmdiscs.avp
c:\program files\Avira\AntiVir Desktop\scewxmlw.dll
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\sched.xml
c:\program files\Avira\AntiVir Desktop\schedr.dll
c:\program files\Avira\AntiVir Desktop\setup.dll
c:\program files\Avira\AntiVir Desktop\setup.exe
c:\program files\Avira\AntiVir Desktop\setuppending.exe
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\Avira\AntiVir Desktop\socialshield.html
c:\program files\Avira\AntiVir Desktop\sqlite3.dll
c:\program files\Avira\AntiVir Desktop\ssleay32.dll
c:\program files\Avira\AntiVir Desktop\ssmdrv.inf
c:\program files\Avira\AntiVir Desktop\sweb.zip
c:\program files\Avira\AntiVir Desktop\sysdir.avp
c:\program files\Avira\AntiVir Desktop\sysscan.avp
c:\program files\Avira\AntiVir Desktop\systemutilities.dll
c:\program files\Avira\AntiVir Desktop\toolbar_eula.txt
c:\program files\Avira\AntiVir Desktop\unacev2.dll
c:\program files\Avira\AntiVir Desktop\update.dll
c:\program files\Avira\AntiVir Desktop\update.exe
c:\program files\Avira\AntiVir Desktop\updatemsg.avr
c:\program files\Avira\AntiVir Desktop\updaterc.dll
c:\program files\Avira\AntiVir Desktop\updext.dll
c:\program files\Avira\AntiVir Desktop\updgui.dll
c:\program files\Avira\AntiVir Desktop\updguirc.dll
c:\program files\Avira\AntiVir Desktop\updrgui.exe
c:\program files\Avira\AntiVir Desktop\vbase000.vdf
c:\program files\Avira\AntiVir Desktop\vbase001.vdf
c:\program files\Avira\AntiVir Desktop\vbase002.vdf
c:\program files\Avira\AntiVir Desktop\vbase003.vdf
c:\program files\Avira\AntiVir Desktop\vbase004.vdf
c:\program files\Avira\AntiVir Desktop\vbase005.vdf
c:\program files\Avira\AntiVir Desktop\vbase006.vdf
c:\program files\Avira\AntiVir Desktop\vbase007.vdf
c:\program files\Avira\AntiVir Desktop\vbase008.vdf
c:\program files\Avira\AntiVir Desktop\vbase009.vdf
c:\program files\Avira\AntiVir Desktop\vbase010.vdf
c:\program files\Avira\AntiVir Desktop\vbase011.vdf
c:\program files\Avira\AntiVir Desktop\vbase012.vdf
c:\program files\Avira\AntiVir Desktop\vbase013.vdf
c:\program files\Avira\AntiVir Desktop\vbase014.vdf
c:\program files\Avira\AntiVir Desktop\vbase015.vdf
c:\program files\Avira\AntiVir Desktop\vbase016.vdf
c:\program files\Avira\AntiVir Desktop\vbase017.vdf
c:\program files\Avira\AntiVir Desktop\vbase018.vdf
c:\program files\Avira\AntiVir Desktop\vbase019.vdf
c:\program files\Avira\AntiVir Desktop\vbase020.vdf
c:\program files\Avira\AntiVir Desktop\vbase021.vdf
c:\program files\Avira\AntiVir Desktop\vbase022.vdf
c:\program files\Avira\AntiVir Desktop\vbase023.vdf
c:\program files\Avira\AntiVir Desktop\vbase024.vdf
c:\program files\Avira\AntiVir Desktop\vbase025.vdf
c:\program files\Avira\AntiVir Desktop\vbase026.vdf
c:\program files\Avira\AntiVir Desktop\vbase027.vdf
c:\program files\Avira\AntiVir Desktop\vbase028.vdf
c:\program files\Avira\AntiVir Desktop\vbase029.vdf
c:\program files\Avira\AntiVir Desktop\vbase030.vdf
c:\program files\Avira\AntiVir Desktop\vbase031.vdf
c:\program files\Avira\AntiVir Desktop\video.gif
c:\program files\Avira\AntiVir Desktop\webcat0.dat
c:\program files\Avira\AntiVir Desktop\webcat1.dat
c:\program files\Avira\AntiVir Desktop\webcat2.dat
c:\program files\Avira\AntiVir Desktop\webcat3.dat
c:\program files\Avira\AntiVir Desktop\webcat4.dat
c:\program files\Avira\AntiVir Desktop\weblink.url
c:\program files\Avira\AntiVir Desktop\win32apiwrapper.dll
c:\program files\Avira\AntiVir Desktop\wksstats.dll
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D8.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ANTIVIRSCHEDULERSERVICE
-------\Legacy_AVGTP
-------\Legacy_AVKMGR
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_avgtp
-------\Service_avkmgr
.
.
((((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 )))))))))))))))))))))))))))))))
.
.
2014-04-07 15:11 . 2014-02-25 15:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-07 15:11 . 2014-02-25 15:41 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-07 15:11 . 2014-02-25 15:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-07 14:34 . 2014-04-10 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2014-04-06 18:55 . 2014-04-06 18:56 -------- d-----w- c:\documents and settings\Administrator
2014-04-05 20:25 . 2014-04-06 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-03 14:07 . 2014-04-06 18:01 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 14:07 . 2014-04-06 17:58 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 14:07 . 2014-04-03 14:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-03 14:07 . 2014-03-05 13:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-29 21:13 . 2014-03-29 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CDB
2014-03-29 21:09 . 2014-04-03 18:52 -------- d-----w- c:\documents and settings\Donna\Local Settings\Application Data\AVG SafeGuard toolbar
2014-03-29 21:08 . 2014-03-29 21:07 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-29 21:07 . 2014-03-29 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2014-03-29 21:07 . 2014-03-29 21:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-03-29 21:07 . 2014-03-29 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2014-03-29 21:07 . 2014-03-29 21:07 -------- d-----w- c:\documents and settings\Donna\Application Data\AVG SafeGuard toolbar
2014-03-29 21:07 . 2014-03-29 21:11 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2014-03-29 21:07 . 2014-03-29 21:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-03-25 20:11 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 13:16 . 2012-06-11 17:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 13:16 . 2011-07-28 13:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59 . 2004-08-24 01:32 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2002-09-03 16:29 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2002-09-03 17:11 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-04-04 20:47 562688 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-29 21:10 3486232 ----a-w- c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll" [2014-03-29 3486232]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-13 13:39 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-13 3764024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-03-29 2544664]
.
c:\documents and settings\Donna\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-02 15:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 20:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-22 19:49 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-11-22 19:48 348160 ----a-w- c:\windows\system32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-11-22 19:50 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 05:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2002-09-17 23:31 53248 ----a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 16:33 438359 ----a-w- c:\progra~1\verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 18:16 49152 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 18:16 741376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2003-10-24 19:53 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-10-02 15:40 3055616 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPH11"=3 (0x3)
"PhotoshopElementsDeviceConnect"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AdobeActiveFileMonitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/11/2013 9:12 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/11/2013 9:12 AM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/11/2013 9:12 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/11/2013 9:12 AM 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/11/2013 9:12 AM 67824]
S3 cpuz134;cpuz134;\??\c:\docume~1\Donna\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Donna\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 13:16]
.
2014-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2014-04-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-04-05 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-04-10 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-04-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-04-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-11 13:39]
.
2013-12-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-09-03 00:12]
.
2014-04-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-25 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-25 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-15 16:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
.
**************************************************************************
.
Completion time: 2014-04-15 16:47:13 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-15 20:47
ComboFix2.txt 2014-04-10 13:10
.
Pre-Run: 41,756,626,944 bytes free
Post-Run: 41,245,806,592 bytes free
.
- - End Of File - - B75ED9743BEC51E6B0650FC4C57D9496
8F558EB6672622401DA993E1E865C861
-
April 15th, 2014, 07:37 PM
#18
 Reinstall Avast as soon as possible like now 
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
April 16th, 2014, 12:00 PM
#19
second attempt to send requested logs
# AdwCleaner v3.023 - Report created 16/04/2014 at 10:22:20
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Donna - BUBBIE
# Running from : C:\Documents and Settings\Donna\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Donna\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Tom\Application Data\Viewpoint
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [6981 octets] - [16/04/2014 10:20:55]
AdwCleaner[S0].txt - [7072 octets] - [16/04/2014 10:22:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7132 octets] ##########
# AdwCleaner v3.023 - Report created 16/04/2014 at 10:22:20
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Donna - BUBBIE
# Running from : C:\Documents and Settings\Donna\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Donna\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Tom\Application Data\Viewpoint
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [6981 octets] - [16/04/2014 10:20:55]
AdwCleaner[S0].txt - [7072 octets] - [16/04/2014 10:22:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7132 octets] ##########
# AdwCleaner v3.023 - Report created 16/04/2014 at 10:22:20
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Donna - BUBBIE
# Running from : C:\Documents and Settings\Donna\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Donna\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Donna\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Tom\Application Data\Viewpoint
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [6981 octets] - [16/04/2014 10:20:55]
AdwCleaner[S0].txt - [7072 octets] - [16/04/2014 10:22:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7132 octets] ##########
-
April 16th, 2014, 12:06 PM
#20
Page 2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Donna on Wed 04/16/2014 at 10:43:27.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 10:50:22.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 4/16/2014 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 598.22 Mb Available Physical Memory | 58.48% Memory free
1.28 Gb Paging File | 0.98 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.29 Gb Free Space | 51.40% Space Free | Partition Type: NTFS
Computer Name: BUBBIE | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/16 11:11:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/01/13 09:39:06 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/13 09:39:04 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/17 05:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 05:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2009/10/02 11:40:30 | 000,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/16 05:45:20 | 002,213,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14041600\algo.dll
MOD - [2013/11/24 12:57:28 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/03/12 09:16:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/13 09:39:04 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/10/02 11:40:30 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/10/02 11:16:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2004/10/20 04:47:54 | 000,098,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/20 03:40:46 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2002/11/22 15:49:22 | 000,077,824 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMPLSCSI.SYS -- (SMPLSCSI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS -- (ONSIO)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Donna\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32)
DRV - [2014/02/25 11:41:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/02/25 11:41:24 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/01/13 09:39:27 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/13 09:39:27 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/13 09:39:27 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/13 09:39:27 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/13 09:39:27 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/13 09:39:27 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/11/24 12:57:31 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2008/04/13 14:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/27 17:12:30 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/07/05 14:10:23 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 14:10:23 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2005/09/07 14:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 14:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/24 15:54:01 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/11/22 15:49:22 | 000,050,896 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/11/22 15:49:22 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/11/22 15:49:22 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2002/06/27 23:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002/05/13 19:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/04/10 17:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 17:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 17:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 16:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 16:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2014/04/15 16:33:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1220945662-688789844-839522115-1004..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CFC8AB4-8798-4E35-ABAA-E71E9258132D}: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Donna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/22 19:24:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/16 11:11:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
[2014/04/16 10:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/16 10:41:24 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Donna\Desktop\JRT.exe
[2014/04/16 10:20:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/10 08:24:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/04/07 11:48:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/04/07 11:48:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/04/07 11:48:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/04/07 11:48:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/04/07 11:12:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014/04/07 11:11:45 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/04/07 11:11:44 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/04/07 11:11:42 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/04/07 10:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/04/07 10:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/04/07 10:01:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/07 09:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/04/07 09:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en
[2014/04/07 08:11:47 | 005,196,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Donna\Desktop\ComboFix.exe
[2014/04/05 16:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/04/05 16:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Desktop\mbar
[2014/04/05 15:26:21 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Donna\Desktop\mbar-1.07.0.1009.exe
[2014/04/05 14:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Desktop\RK_Quarantine
[2014/04/03 10:58:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donna\My Documents\My Videos
[2014/04/03 10:07:53 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/03 10:07:27 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 10:07:27 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/03 10:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/03 10:06:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Donna\Desktop\dds.com
[2014/03/29 17:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB
[2014/03/29 17:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\My Documents\Downloads
[2014/03/29 17:08:35 | 000,042,272 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/29 17:07:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/16 11:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 11:11:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
[2014/04/16 10:56:06 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/16 10:41:32 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Donna\Desktop\JRT.exe
[2014/04/16 10:32:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/04/16 10:27:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/16 10:25:29 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/16 10:23:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/16 10:23:53 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/16 10:16:55 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\adwcleaner.exe
[2014/04/16 10:10:11 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/04/15 17:00:12 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/04/15 16:33:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/11 15:35:59 | 000,033,042 | ---- | M] () -- C:\Documents and Settings\Donna\Application Data\wklnhst.dat
[2014/04/10 17:13:21 | 000,481,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/10 17:13:21 | 000,079,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/10 15:56:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/10 14:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/04/10 08:25:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/04/10 08:19:27 | 005,196,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Donna\Desktop\ComboFix.exe
[2014/04/08 15:11:49 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 09:19:17 | 000,090,968 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en.zip
[2014/04/07 08:46:18 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\to from MD.wps
[2014/04/06 14:01:40 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 13:58:15 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/05 15:26:21 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Donna\Desktop\mbar-1.07.0.1009.exe
[2014/04/05 14:33:41 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\RogueKiller.exe
[2014/04/04 20:40:18 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/04/04 08:43:38 | 029,216,768 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\Windows 8 Info page 1.wps
[2014/04/03 15:00:01 | 000,580,818 | R--- | M] () -- C:\Documents and Settings\Donna\My Documents\My new banking Backup_2014-04-03_145959.mbf
[2014/04/03 10:07:36 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 10:06:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Donna\Desktop\dds.com
[2014/04/03 09:45:57 | 000,009,606 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/04/03 09:24:46 | 000,001,056 | ---- | M] () -- C:\WINDOWS\System32\SettingsFile
[2014/03/29 17:14:42 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2014/03/29 17:07:26 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/25 16:01:49 | 000,541,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/16 10:16:43 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\adwcleaner.exe
[2014/04/10 08:25:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/04/10 08:25:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/04/08 15:35:16 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/04/07 11:58:25 | 000,424,506 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/04/07 11:48:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/07 11:48:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/07 11:48:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/07 11:48:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/07 11:48:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/04/07 09:18:52 | 000,090,968 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en.zip
[2014/04/07 08:21:40 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\to from MD.wps
[2014/04/06 15:17:01 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/05 14:33:41 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\RogueKiller.exe
[2014/04/04 08:43:29 | 029,216,768 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\Windows 8 Info page 1.wps
[2014/04/03 15:00:01 | 000,580,818 | R--- | C] () -- C:\Documents and Settings\Donna\My Documents\My new banking Backup_2014-04-03_145959.mbf
[2014/04/03 10:07:36 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 09:45:57 | 000,009,606 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2014/04/03 09:24:46 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\SettingsFile
[2014/03/29 17:00:05 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2014/03/29 16:29:42 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/29 16:29:38 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/12/29 11:28:13 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/04/11 09:12:23 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/11 09:12:22 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/03 15:28:36 | 000,128,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/02 12:56:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Comedy Noises
[2009/07/13 11:51:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Donna\Application Data\Configure Folder Actions
[2009/07/10 16:06:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/06 09:15:18 | 000,033,042 | ---- | C] () -- C:\Documents and Settings\Donna\Application Data\wklnhst.dat
[2009/04/05 10:56:50 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 19:49:59 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2003/12/07 11:26:48 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2007/12/29 23:29:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/26 11:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/24 12:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2004/01/18 13:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/01/18 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2003/10/24 14:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2014/03/29 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB
[2009/10/02 11:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2014/03/29 17:07:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/04/27 09:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Designer's Gallery
[2009/07/10 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2005/03/01 16:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2012/09/01 16:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2007/12/29 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2014/04/10 07:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/03/08 01:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/07/10 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2013/11/24 13:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\AVAST Software
[2013/11/24 17:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Avery
[2009/03/14 14:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\GARMIN
[2003/12/26 10:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\InterTrust
[2012/03/08 00:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Leadertech
[2009/07/16 08:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Nikon
[2014/02/21 11:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Spyware Terminator
[2013/11/24 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Template
[2013/12/27 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVAST Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\Key West and Florida Keys Screen Saver.scr:�SummaryInformation
< End of report >
-
April 16th, 2014, 12:10 PM
#21
I could only get this to work by sending pieces.. 4 in total if any are missing let me know, screen kept freezing. Thank you
OTL Extras logfile created on: 4/16/2014 11:12:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.00 Mb Total Physical Memory | 598.22 Mb Available Physical Memory | 58.48% Memory free
1.28 Gb Paging File | 0.98 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.29 Gb Free Space | 51.40% Space Free | Partition Type: NTFS
Computer Name: BUBBIE | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}" = Scrapbook Factory Deluxe 3.0
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}" = MS Export
"{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25EF00A1-F17B-11D6-88EA-000476CD2443}" = Verizon Online Support Center
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{464D0521-C5A5-439E-A039-2D1EE8035F9F}" = PictureGear 4.6Lite
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5B466707-08E2-4FC3-8FE6-A8C07EB525BC}" = Designer's Gallery StudioPlus
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79ACC31A-87EA-472A-853E-5AC6A97CE569}" = HP Officejet Pro 8600 Product Improvement Study
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB46245B-CECA-406F-8790-3ABA0D01012F}" = Roxio VideoWave Movie Creator
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C79CA670-AF3B-427C-B77F-84B8E3652684}" = Designer's Gallery Interactive - Decorative Quilting
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D43E122B-C053-4545-999A-2219BF8F6422}" = Avery Wizard 5.0
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{EC1C38E3-AE7F-40D4-AA3A-C730FAE4FED3}" = Designer's Gallery Interactive - Floral Accents Trial
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"ArcSoft Software Suite" = ArcSoft Software Suite
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"ClickArt Celebrations and Holidays 1.0" = ClickArt Celebrations and Holidays
"Corel Applications" = Corel Applications
"Family Tree Maker" = Family Tree Maker 7.0
"GoldenNugget95" = Virgin Interactive: Golden Nugget
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1DA6AB38-2876-4AE4-8236-24C2CF66601B}" = MediaFACE 4.0 Spiritual Image Library
"InstallShield_{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"InstallShield_{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library
"InstallShield_{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library
"InstallShield_{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}" = MediaFACE 4.0 Business Image Library
"Jeopardy!" = Jeopardy!
"Key West and Florida Keys Screen Saver_is1" = Key West and Florida Keys Screen Saver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"Metafile Companion 1.10" = Metafile Companion 1.10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2008b" = Microsoft Money Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PrintMaster Gold 3.00" = PrintMaster Gold 3.00
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealPlayer 6.0" = RealPlayer Basic
"Refrigeration Cycle Diagnostics" = Refrigeration Cycle Diagnostics
"Scrabble" = Scrabble
"SereneScreen Aquarium" = SereneScreen Aquarium
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Terminator_is1" = Spyware Terminator
"Stationery Maker with Wizards" = Stationery Maker with Wizards
"Trivial Pursuit Millennium Edition" = Trivial Pursuit Millennium Edition
"Verizon Online DSL_is1" = Verizon Online DSL
"Verizon Online Help and Support" = Verizon Online Help and Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/10/2014 9:02:30 AM | Computer Name = BUBBIE | Source = Application Error | ID = 1000
Description = Faulting application avgnt.exe, version 14.0.3.332, faulting module
ccmsg.dll, version 14.0.3.336, fault address 0x0000990a.
Error - 4/10/2014 9:54:33 AM | Computer Name = BUBBIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/10/2014 9:54:33 AM | Computer Name = BUBBIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/10/2014 10:47:03 AM | Computer Name = BUBBIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/10/2014 5:08:17 PM | Computer Name = BUBBIE | Source = LoadPerf | ID = 3013
Description = Unable to update the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.
Error - 4/10/2014 5:08:17 PM | Computer Name = BUBBIE | Source = LoadPerf | ID = 3009
Error - 4/14/2014 2:45:12 PM | Computer Name = BUBBIE | Source = Application Hang
| ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/14/2014 2:45:14 PM | Computer Name = BUBBIE | Source = Application Hang
| ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/14/2014 2:45:14 PM | Computer Name = BUBBIE | Source = Application Hang
| ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/14/2014 2:45:21 PM | Computer Name = BUBBIE | Source = Application Hang
| ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/15/2014 4:17:24 PM | Computer Name = BUBBIE | Source = Application Error
| ID = 1000
Description = Faulting application avgnt.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Error encountered while reading event logs.
< End of report >
-
April 16th, 2014, 04:49 PM
#22
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMPLSCSI.SYS -- (SMPLSCSI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS -- (ONSIO)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Donna\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32)
DRV - [2014/02/25 11:41:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/02/25 11:41:24 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
IE - HKU\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O15 - HKU\S-1-5-21-1220945662-688789844-839522115-1004\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2014/04/07 11:12:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014/04/07 11:11:45 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/04/07 11:11:44 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/04/07 11:11:42 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/04/07 10:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/04/07 09:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en
[2014/04/15 17:00:12 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/03/29 17:14:42 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\Key West and Florida Keys Screen Saver.scr:�SummaryInformation
:Services
:Reg
:Files
C:\FRST
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Click on "Run ESET Online Scanner" button.
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
-
April 17th, 2014, 03:21 PM
#23
Below is first log... unable to open "security check" I can get into the forums, but when I click on the security check it says the web page can not be found.
hold on others, to do in order you advised Thank you
All processes killed
========== OTL ==========
Service vToolbarUpdater18.0.5 stopped successfully!
Service vToolbarUpdater18.0.5 deleted successfully!
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
File C:\Program Files\Avira\AntiVir Desktop\avguard.exe not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SMPLSCSI stopped successfully!
Service SMPLSCSI deleted successfully!
File System32\drivers\SMPLSCSI.SYS not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service ONSIO stopped successfully!
Service ONSIO deleted successfully!
File C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File C:\DOCUME~1\Donna\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service ASPI32 stopped successfully!
Service ASPI32 deleted successfully!
Service avipbb stopped successfully!
Service avipbb deleted successfully!
C:\WINDOWS\system32\drivers\avipbb.sys moved successfully.
Error: Unable to stop service avgntflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.
C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully.
HKU\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully.
C:\WINDOWS\system32\drivers\avkmgr.sys moved successfully.
File C:\WINDOWS\System32\drivers\avipbb.sys not found.
File C:\WINDOWS\System32\drivers\avgntflt.sys not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Avira\Avira Desktop folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Avira folder moved successfully.
C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en\en-us folder moved successfully.
C:\Documents and Settings\Donna\Desktop\avira_registry_cleaner_en folder moved successfully.
C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk moved successfully.
C:\WINDOWS\Reimage.ini moved successfully.
ADS C:\WINDOWS\Key West and Florida Keys Screen Saver.scr:�SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Donna
->Temp folder emptied: 3693265 bytes
->Temporary Internet Files folder emptied: 24994483 bytes
->Flash cache emptied: 320384 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Google Chrome cache emptied: 6294938 bytes
->Flash cache emptied: 300 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Tom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 38357 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1260238 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 35.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Donna
User: LocalService
User: NetworkService
User: Tom
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Donna
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
User: Tom
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04172014_150028
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
April 17th, 2014, 04:03 PM
#24
There is a problem with Security Check links.
Get it from here: http://www.smartestcomputing.us.com/...securitycheck/
-
April 21st, 2014, 04:11 PM
#25
new results last scan left to do
thank you
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Spyware Terminator
Adobe Reader X (10.1.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
Farbar Service Scanner Version: 25-02-2014
Ran by Donna (administrator) on 21-04-2014 at 15:56:09
Running from "C:\Documents and Settings\Donna\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****
Could not find a log to send for TFC. am I doing something wrong ?
-
April 21st, 2014, 09:08 PM
#26
I don't need TFC log.
I need Eset log though.
-
April 22nd, 2014, 05:23 PM
#27
I seem to have made a mess of ESET. It said 1 scan or 30 days, the only download I could find was for 30 days antiviris scanner. I downloaded this and none of your instructions could be followed. Now I am at the point that I have to activate the antiviral, which I am afraid to do since it's not in your instructions. Please advise Thank you
-
April 22nd, 2014, 06:49 PM
#28
You downloaded and installed Eset anitivirus program.
Uninstall it and follow my instructions how to perform ONLINE SCANNER.
-
April 23rd, 2014, 09:58 AM
#29
I deleted the antivirus, which has now come back... I however can not get to the ESET Online scanner. I found a drop down box at the bottom of the screen that will list "on line scanner" but when you push go it simply comes back to the same page.... at the top of the same page on the right is the scanner, which tells you how to procede as it opens but I cannot find a way to open... please help
-
April 23rd, 2014, 01:05 PM
#30
I deleted the antivirus, which has now come back
Say again?
As for online scanner try different browser.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
