IE works in safe mode only
- Thread starter jacobi239
- Start date
Does it open in regular mode and just don't go anywhere or what exactly happens? I would assume you have some sort of malware on your system. Would suggest doing the following.
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Please download Junkware Removal Tool to your desktop.
•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
3.
Please download Malwarebytes' Anti-Malware and save it to your desktop.
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Please post the log that Malwarebytes displays on your screen.
4.
Download OTL to your Desktop
•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
post the logs from the following 4 programs.
1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Please download Junkware Removal Tool to your desktop.
•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
3.
Please download Malwarebytes' Anti-Malware and save it to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Please post the log that Malwarebytes displays on your screen.
4.
Download OTL to your Desktop
•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
post the logs from the following 4 programs.
1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
IE works only in safe mode
Hi,
and thanks for the advice.My IE starts and then no responce.
I done 2 projects so far I couldn't disable my avg while doing junk renoval.
# AdwCleaner v3.023 - Report created 17/04/2014 at 10:27:22
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - YOUR-W04GTXLD67
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temp\dlm1.tmp\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BackupStack
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
Folder Deleted : C:\Program Files\BrowserSafeguard
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PCFixSpeed
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\PC Health Kit
File Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Administrator\Desktop\MyPC Backup.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mvexwpgc.default\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4116 octets] - [17/04/2014 10:23:39]
AdwCleaner[S0].txt - [3955 octets] - [17/04/2014 10:27:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4015 octets] ##########
-------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 04/17/2014 at 10:57:31.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/17/2014 at 11:03:17.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi,
and thanks for the advice.My IE starts and then no responce.
I done 2 projects so far I couldn't disable my avg while doing junk renoval.
# AdwCleaner v3.023 - Report created 17/04/2014 at 10:27:22
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - YOUR-W04GTXLD67
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temp\dlm1.tmp\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BackupStack
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
Folder Deleted : C:\Program Files\BrowserSafeguard
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PCFixSpeed
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\PC Health Kit
File Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Administrator\Desktop\MyPC Backup.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mvexwpgc.default\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4116 octets] - [17/04/2014 10:23:39]
AdwCleaner[S0].txt - [3955 octets] - [17/04/2014 10:27:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4015 octets] ##########
-------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 04/17/2014 at 10:57:31.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/17/2014 at 11:03:17.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 4/17/2014 4:54:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.48 Mb Total Physical Memory | 87.28 Mb Available Physical Memory | 19.50% Memory free
1.03 Gb Paging File | 0.77 Gb Available in Paging File | 74.91% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 51.27 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.96 Gb Free Space | 19.76% Space Free | Partition Type: FAT32
Computer Name: YOUR-W04GTXLD67 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/17 16:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/04/06 17:12:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/31 06:21:00 | 001,805,624 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/03/31 06:20:58 | 000,035,640 | ---- | M] (AVG) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2014/03/15 03:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/23 22:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/04/17 16:12:58 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/02/10 13:06:30 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2014/01/19 22:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 22:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 22:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 22:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/01 00:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 23:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 01:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 01:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 17:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/10/11 07:15:45 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 03:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/28 08:13:06 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/04/12 11:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/04/12 16:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\extensions
[2014/04/08 09:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/08 09:53:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [PC Clean Maestro Startup] "C:\Program Files\CompuClever\PC Clean Maestro\pccum.exe" /systray File not found
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [Install Spybot - Search & Destroy] C:\Documents and Settings\Administrator\Local Settings\Temp\air4F.exe (Safer-Networking Ltd. )
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1396457108359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1396567406078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B400D7-4128-44C4-9D7C-7D885FFC8225}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/11 05:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/17 16:54:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/04/17 15:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/17 15:46:44 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/17 15:46:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/17 15:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/17 15:44:04 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/17 10:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/17 10:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/04/17 10:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
[2014/04/17 10:22:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/17 10:20:07 | 000,929,416 | ---- | C] (CNET Download.com) -- C:\Documents and Settings\Administrator\Desktop\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
[2014/04/16 14:25:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2014/04/16 13:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2014/04/16 12:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG2500 series User Registration
[2014/04/16 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2014/04/16 12:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2014/04/16 12:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG2500 series Manual
[2014/04/16 12:43:50 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/04/16 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/04/16 11:40:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2014/04/13 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\System Optimizer Pro
[2014/04/13 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline
[2014/04/13 11:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/04/13 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2014/04/13 11:38:34 | 004,845,384 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\spsetup125.exe
[2014/04/12 17:03:20 | 000,982,016 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2014/04/12 11:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2014/04/12 11:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2014/04/12 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2014/04/12 11:19:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2014/04/08 18:16:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/04/08 18:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/04/08 18:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/08 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/08 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2014/04/08 18:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/08 18:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/04/08 18:05:48 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/04/08 18:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/08 18:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/04/08 18:04:32 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/04/08 17:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CompuClever
[2014/04/08 17:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CompuClever
[2014/04/08 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\CompuClever
[2014/04/08 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2014/04/08 17:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2014/04/08 17:46:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2014/04/08 17:46:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2014/04/08 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2014/04/08 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2014/04/08 17:45:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2014/04/08 17:45:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2014/04/08 17:45:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2014/04/08 17:45:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2014/04/07 12:37:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/04/06 17:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/04/06 17:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/04/06 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/06 16:38:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/04/06 15:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/04/06 15:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/04/06 13:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/04/06 13:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/04/06 13:12:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/04/06 12:55:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/04/06 12:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/04/06 12:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/04/06 12:54:16 | 000,000,000 | ---D | C] -- C:\236ad1633a15eb7b2aa2604e
[2014/04/06 12:52:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/04/05 16:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/04/05 16:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/04/05 16:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/04/05 16:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2014/04/05 16:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2014/04/05 16:32:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2014/04/05 15:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.48 Mb Total Physical Memory | 87.28 Mb Available Physical Memory | 19.50% Memory free
1.03 Gb Paging File | 0.77 Gb Available in Paging File | 74.91% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 51.27 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.96 Gb Free Space | 19.76% Space Free | Partition Type: FAT32
Computer Name: YOUR-W04GTXLD67 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/17 16:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/04/06 17:12:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/31 06:21:00 | 001,805,624 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/03/31 06:20:58 | 000,035,640 | ---- | M] (AVG) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2014/03/15 03:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/23 22:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/04/17 16:12:58 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/02/10 13:06:30 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2014/01/19 22:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 22:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 22:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 22:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/01 00:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 23:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 01:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 01:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 17:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/10/11 07:15:45 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 03:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/28 08:13:06 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/04/12 11:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/04/12 16:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\extensions
[2014/04/08 09:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/08 09:53:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [PC Clean Maestro Startup] "C:\Program Files\CompuClever\PC Clean Maestro\pccum.exe" /systray File not found
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [Install Spybot - Search & Destroy] C:\Documents and Settings\Administrator\Local Settings\Temp\air4F.exe (Safer-Networking Ltd. )
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1396457108359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1396567406078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B400D7-4128-44C4-9D7C-7D885FFC8225}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/11 05:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/17 16:54:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/04/17 15:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/17 15:46:44 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/17 15:46:44 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/17 15:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/17 15:44:04 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/17 10:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/17 10:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/04/17 10:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
[2014/04/17 10:22:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/17 10:20:07 | 000,929,416 | ---- | C] (CNET Download.com) -- C:\Documents and Settings\Administrator\Desktop\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
[2014/04/16 14:25:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2014/04/16 13:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2014/04/16 12:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG2500 series User Registration
[2014/04/16 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2014/04/16 12:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2014/04/16 12:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG2500 series Manual
[2014/04/16 12:43:50 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/04/16 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/04/16 11:40:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2014/04/13 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\System Optimizer Pro
[2014/04/13 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline
[2014/04/13 11:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/04/13 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2014/04/13 11:38:34 | 004,845,384 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\spsetup125.exe
[2014/04/12 17:03:20 | 000,982,016 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2014/04/12 11:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2014/04/12 11:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2014/04/12 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2014/04/12 11:19:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2014/04/08 18:16:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/04/08 18:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/04/08 18:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/08 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/08 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2014/04/08 18:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/08 18:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/04/08 18:05:48 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/04/08 18:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/08 18:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/04/08 18:04:32 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/04/08 17:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CompuClever
[2014/04/08 17:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CompuClever
[2014/04/08 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\CompuClever
[2014/04/08 17:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2014/04/08 17:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2014/04/08 17:46:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2014/04/08 17:46:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2014/04/08 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2014/04/08 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2014/04/08 17:45:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2014/04/08 17:45:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2014/04/08 17:45:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2014/04/08 17:45:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2014/04/08 17:45:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2014/04/08 17:45:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2014/04/08 17:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2014/04/07 12:37:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/04/06 17:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/04/06 17:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/04/06 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/06 16:38:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/04/06 15:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/04/06 15:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/04/06 13:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/04/06 13:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/04/06 13:12:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/04/06 12:55:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2014/04/06 12:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/04/06 12:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/04/06 12:54:16 | 000,000,000 | ---D | C] -- C:\236ad1633a15eb7b2aa2604e
[2014/04/06 12:52:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/04/05 16:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2014/04/05 16:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2014/04/05 16:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2014/04/05 16:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2014/04/05 16:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2014/04/05 16:32:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2014/04/05 15:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2014/04/05 15:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2014/04/03 17:32:36 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 17:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/03 17:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/04/03 17:09:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/04/03 17:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2014/04/03 16:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/04/03 16:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/04/02 16:48:23 | 000,035,640 | ---- | C] (AVG) -- C:\WINDOWS\System32\uxtuneup.dll
[2014/04/02 16:45:40 | 000,036,152 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2014/04/02 16:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
[2014/04/02 16:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/04/02 16:41:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/02 16:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
[2014/04/02 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/04/02 16:04:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/04/02 16:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/04/02 16:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/04/02 15:57:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/02 15:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/04/02 11:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter bundle uninstaller
[2014/04/02 10:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/04/02 10:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2014/04/02 10:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2014/04/02 10:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2014/04/02 10:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2014/03/31 18:06:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/03/30 17:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter
[2014/03/30 17:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
[2014/03/26 13:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2014/03/26 11:46:08 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2014/03/26 11:46:08 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2014/03/25 22:34:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/25 22:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2014/03/25 20:42:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/25 20:26:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2014/03/25 20:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2014/03/25 20:26:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2014/03/25 20:26:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/03/25 20:26:06 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2014/03/25 20:24:39 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2014/03/25 19:49:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/25 19:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014/03/25 19:08:35 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourP.exe
[2014/03/25 19:08:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2014/03/25 19:08:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2014/03/25 19:04:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/17 16:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/04/17 16:39:45 | 002,954,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Document.rtf
[2014/04/17 16:12:58 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 16:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/17 15:46:48 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/17 15:45:48 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/17 10:36:47 | 000,000,182 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/04/17 10:29:42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 10:29:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/17 10:29:41 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/17 10:20:28 | 000,929,416 | ---- | M] (CNET Download.com) -- C:\Documents and Settings\Administrator\Desktop\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
[2014/04/16 14:39:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 14:38:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 12:52:09 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Quick Menu.lnk
[2014/04/16 12:44:36 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MG2500 series On-screen Manual.lnk
[2014/04/16 12:05:39 | 000,483,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/16 12:05:39 | 000,080,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/16 10:49:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/13 11:42:51 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/13 11:39:42 | 004,845,384 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\spsetup125.exe
[2014/04/12 16:28:24 | 000,982,016 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2014/04/12 12:04:21 | 000,000,555 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro_sch_FDF323B2-C25E-11E3-B9D5-000EA6422817.job
[2014/04/12 11:40:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/04/10 07:39:24 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to reset your Internet Explorer proxy settings..website
[2014/04/08 18:29:52 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/08 18:29:52 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 18:18:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/08 18:15:27 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/08 18:11:50 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/08 18:07:10 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/04/08 17:59:54 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Clean Maestro.lnk
[2014/04/08 15:45:45 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 09:54:01 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/07 20:25:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2014/04/07 12:44:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/04/06 17:02:11 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/05 16:41:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/04/03 16:06:06 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wordpad.lnk
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 16:05:26 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/04/02 10:21:30 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2014/03/31 06:21:06 | 000,036,152 | ---- | M] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2014/03/31 06:20:58 | 000,035,640 | ---- | M] (AVG) -- C:\WINDOWS\System32\uxtuneup.dll
[2014/03/26 11:46:08 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2014/03/25 20:39:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2014/03/25 20:38:08 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2014/03/25 19:47:06 | 000,003,694 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DT078A-ABA S6030NX NA410_YC_Pres_QMXK403_E41NAheRED4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.06_T031219_WXH1_L409_M448_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
[2014/03/25 19:46:06 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2014/03/25 19:43:46 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/17 16:41:48 | 002,954,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Document.rtf
[2014/04/17 15:46:48 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/16 14:48:25 | 000,175,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1328348360-3828850535-3708530146-1003-0.dat
[2014/04/16 14:48:18 | 000,143,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/04/16 12:52:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Quick Menu.lnk
[2014/04/16 12:44:36 | 000,001,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MG2500 series On-screen Manual.lnk
[2014/04/16 11:36:03 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\CNC176DD.TBL
[2014/04/13 11:42:51 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/12 11:25:00 | 000,000,555 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Pro_sch_FDF323B2-C25E-11E3-B9D5-000EA6422817.job
[2014/04/12 11:16:13 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to reset your Internet Explorer proxy settings..website
[2014/04/08 18:33:45 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 18:14:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/08 18:11:50 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/08 18:08:43 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/08 18:06:00 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/08 18:06:00 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/08 18:06:00 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 18:05:53 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/04/08 17:59:54 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Clean Maestro.lnk
[2014/04/08 17:47:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/08 17:45:31 | 000,014,546 | ---- | C] () -- C:\Documents and Settings\Administrator\ml1.srt
[2014/04/08 17:45:31 | 000,014,236 | ---- | C] () -- C:\Documents and Settings\Administrator\ml2.srt
[2014/04/08 17:45:31 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/04/08 17:45:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/08 17:45:31 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk
[2014/04/08 17:45:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2014/04/08 17:45:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/04/08 17:45:30 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2014/04/08 17:45:30 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2014/04/08 17:45:30 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2014/04/08 17:45:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2014/04/08 09:54:01 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/08 09:54:01 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/07 20:26:00 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2014/04/07 20:26:00 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/04/07 20:26:00 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
[2014/04/06 17:12:08 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 17:02:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/06 17:02:24 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/06 13:54:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/04/06 13:54:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/04/05 16:50:45 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2014/04/05 16:50:45 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2014/04/05 16:50:45 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2014/04/05 16:50:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2014/04/05 16:50:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2014/04/05 16:50:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2014/04/05 16:50:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2014/04/05 16:50:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2014/04/05 16:50:44 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2014/04/05 16:50:44 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2014/04/05 16:50:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2014/04/05 16:50:43 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2014/04/05 16:50:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2014/04/05 16:50:43 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2014/04/05 16:50:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2014/04/05 16:50:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2014/04/05 16:50:43 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2014/04/05 16:50:43 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2014/04/05 16:50:42 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2014/04/05 16:50:42 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2014/04/05 16:50:42 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2014/04/05 16:50:42 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2014/04/05 16:50:42 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2014/04/05 16:50:42 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2014/04/05 16:50:42 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2014/04/05 16:50:42 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2014/04/05 16:50:42 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2014/04/05 16:50:42 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2014/04/05 16:50:42 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2014/04/05 16:50:42 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2014/04/05 16:50:42 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2014/04/05 16:50:42 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2014/04/05 16:50:42 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2014/04/05 16:50:41 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2014/04/05 16:50:41 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2014/04/05 16:50:41 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2014/04/05 16:50:41 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2014/04/05 16:50:41 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2014/04/05 16:50:41 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2014/04/05 16:50:41 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2014/04/05 16:50:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2014/04/05 16:50:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2014/04/05 16:50:41 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2014/04/05 16:50:41 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2014/04/05 16:50:41 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2014/04/05 16:50:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2014/04/05 16:50:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2014/04/05 16:50:41 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2014/04/05 16:50:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2014/04/05 16:50:41 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2014/04/05 16:50:41 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2014/04/05 16:50:41 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2014/04/05 16:50:41 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2014/04/05 16:50:41 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2014/04/05 16:50:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2014/04/05 16:50:41 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2014/04/05 16:50:41 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2014/04/05 16:50:40 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2014/04/05 16:50:40 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2014/04/05 16:50:40 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2014/04/05 16:50:40 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2014/04/05 16:50:40 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2014/04/05 16:50:40 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2014/04/05 16:50:40 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2014/04/05 16:50:39 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2014/04/05 16:50:39 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2014/04/05 16:50:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2014/04/05 16:50:39 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2014/04/05 16:50:38 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2014/04/05 16:50:38 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2014/04/05 16:50:38 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2014/04/05 16:50:38 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2014/04/05 16:50:38 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2014/04/05 16:50:38 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2014/04/05 16:50:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2014/04/05 16:50:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2014/04/05 16:50:38 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2014/04/05 16:50:38 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2014/04/05 16:50:38 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2014/04/05 16:50:37 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2014/04/03 16:06:06 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wordpad.lnk
[2014/04/02 16:45:30 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014/04/02 16:05:26 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/04/02 11:39:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2014/04/02 10:26:12 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2014/04/02 10:26:12 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2014/04/02 10:26:11 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2014/03/25 22:34:24 | 000,000,196 | RHS- | C] () -- C:\BOOT.BAK
[2014/03/25 22:34:22 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2014/03/25 20:41:14 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/03/25 20:38:53 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2014/03/25 20:36:35 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2014/03/25 19:47:06 | 000,003,694 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_DT078A-ABA S6030NX NA410_YC_Pres_QMXK403_E41NAheRED4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.06_T031219_WXH1_L409_M448_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
[2014/03/25 19:08:51 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2014/03/25 19:08:48 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2014/03/25 19:08:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2014/03/25 19:08:43 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2014/03/25 19:08:43 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2014/03/25 19:08:42 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2014/03/25 19:08:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2014/03/25 19:08:41 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2014/03/25 19:08:41 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2014/03/25 19:08:41 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2014/03/25 19:08:41 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2014/03/25 19:08:41 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2014/03/25 19:08:40 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2014/03/25 19:08:40 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2014/03/25 19:08:37 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2014/03/25 19:08:33 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2014/03/25 19:08:32 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2014/03/25 19:08:32 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2014/03/25 19:08:30 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2014/03/25 19:08:30 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2014/03/25 19:08:23 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2014/03/25 19:08:22 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2014/03/25 19:08:20 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2014/03/25 19:08:20 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2014/03/25 19:08:19 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2014/03/25 19:08:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2014/03/25 19:08:17 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2014/03/25 19:08:17 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2014/03/25 19:08:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2014/03/25 19:08:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2014/03/25 19:08:12 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2014/03/25 19:08:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2014/03/25 19:08:11 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2014/03/25 19:08:09 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2014/03/25 19:08:09 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2014/03/25 19:08:09 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2014/03/25 19:08:09 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2014/03/25 19:08:09 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2014/03/25 19:08:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2014/03/25 19:08:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2014/03/25 19:08:05 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2014/03/25 19:08:03 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2014/03/25 19:08:03 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2014/03/25 19:08:02 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2014/03/25 19:08:02 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2014/03/25 19:08:02 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2014/03/25 19:08:02 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2014/03/25 19:08:02 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2014/03/25 19:08:02 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2014/03/25 19:08:01 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2014/03/25 19:08:00 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2014/03/25 19:08:00 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2014/03/25 19:08:00 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2014/03/25 19:08:00 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2014/03/25 19:08:00 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2014/03/25 19:08:00 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2014/03/25 19:08:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2014/03/25 19:08:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2014/03/25 19:08:00 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2014/03/25 19:07:59 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2014/03/25 19:07:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2014/03/25 19:07:50 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2014/03/25 19:07:47 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2014/03/25 19:07:47 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2014/03/25 19:07:47 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2014/03/25 19:07:46 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2014/03/25 19:07:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2014/03/25 19:07:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2014/03/25 19:07:40 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2014/03/25 19:07:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2014/03/25 19:07:39 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2014/03/25 19:06:23 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2014/03/25 19:06:23 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2014/03/25 19:06:18 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2014/03/25 19:06:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2014/03/25 19:06:16 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2014/03/25 19:05:42 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2014/03/25 19:05:42 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2014/03/25 19:05:40 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2014/03/25 19:05:38 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2014/03/25 19:05:38 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2014/03/25 19:05:37 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2014/03/25 19:05:36 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2014/03/25 19:05:34 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2014/03/25 19:05:33 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2014/03/25 19:05:33 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2014/03/25 19:05:33 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2014/03/25 19:05:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2014/03/25 19:05:32 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2014/03/25 19:05:31 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2014/03/25 19:05:31 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2014/03/25 19:05:31 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2014/03/25 19:05:31 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2014/03/25 19:05:31 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2014/03/25 19:05:30 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2014/03/25 19:05:30 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2014/03/25 19:05:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2014/03/25 19:05:29 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2014/03/25 19:05:04 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2014/03/25 19:05:04 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2014/03/25 19:05:03 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2014/03/25 19:05:03 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2014/03/25 19:05:03 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2014/03/25 19:05:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2014/03/25 19:05:00 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2014/03/25 19:05:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2014/03/25 19:04:56 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2014/03/25 19:04:55 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2014/03/25 19:04:55 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2014/03/25 19:04:55 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2014/03/25 19:04:54 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2014/03/25 19:04:54 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2014/03/25 19:04:53 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2014/03/25 19:04:53 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2014/03/25 19:04:44 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2014/03/25 19:04:44 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2014/03/25 19:04:43 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2014/03/25 19:04:43 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2014/03/25 19:04:43 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2014/03/25 19:04:43 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
========== ZeroAccess Check ==========
[2003/10/11 05:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/04/17 10:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/04/08 17:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CompuClever
[2003/10/14 08:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2014/04/13 16:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline
[2003/10/11 08:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/04/02 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/04/06 17:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/04/16 11:40:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2014/04/16 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2014/04/16 14:25:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2014/04/16 12:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2014/04/02 15:57:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/17 10:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/04/02 16:51:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
========== Purity Check ==========
< End of report >
[2014/04/03 17:32:36 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 17:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/03 17:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/04/03 17:09:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/04/03 17:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2014/04/03 16:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
[2014/04/03 16:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2014/04/02 16:48:23 | 000,035,640 | ---- | C] (AVG) -- C:\WINDOWS\System32\uxtuneup.dll
[2014/04/02 16:45:40 | 000,036,152 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2014/04/02 16:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
[2014/04/02 16:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/04/02 16:41:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/02 16:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
[2014/04/02 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/04/02 16:04:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/04/02 16:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/04/02 16:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/04/02 15:57:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/02 15:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/04/02 11:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter bundle uninstaller
[2014/04/02 10:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/04/02 10:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2014/04/02 10:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2014/04/02 10:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2014/04/02 10:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2014/03/31 18:06:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/03/30 17:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter
[2014/03/30 17:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
[2014/03/26 13:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2014/03/26 11:46:08 | 000,827,392 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2014/03/26 11:46:08 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2014/03/25 22:34:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/25 22:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2014/03/25 20:42:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/25 20:26:33 | 000,000,000 | R--D | C] -- C:\Program Files
[2014/03/25 20:26:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2014/03/25 20:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2014/03/25 20:26:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2014/03/25 20:26:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2014/03/25 20:26:06 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2014/03/25 20:24:39 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2014/03/25 19:49:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/25 19:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2014/03/25 19:08:35 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourP.exe
[2014/03/25 19:08:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2014/03/25 19:08:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2014/03/25 19:04:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/17 16:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/04/17 16:39:45 | 002,954,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Document.rtf
[2014/04/17 16:12:58 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 16:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/17 15:46:48 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/17 15:45:48 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/17 10:36:47 | 000,000,182 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/04/17 10:29:42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 10:29:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/17 10:29:41 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/17 10:20:28 | 000,929,416 | ---- | M] (CNET Download.com) -- C:\Documents and Settings\Administrator\Desktop\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
[2014/04/16 14:39:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 14:38:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 12:52:09 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Quick Menu.lnk
[2014/04/16 12:44:36 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MG2500 series On-screen Manual.lnk
[2014/04/16 12:05:39 | 000,483,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/16 12:05:39 | 000,080,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/16 10:49:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/13 11:42:51 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/13 11:39:42 | 004,845,384 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\spsetup125.exe
[2014/04/12 16:28:24 | 000,982,016 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2014/04/12 12:04:21 | 000,000,555 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro_sch_FDF323B2-C25E-11E3-B9D5-000EA6422817.job
[2014/04/12 11:40:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/04/10 07:39:24 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to reset your Internet Explorer proxy settings..website
[2014/04/08 18:29:52 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/08 18:29:52 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 18:18:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/08 18:15:27 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/08 18:11:50 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/08 18:07:10 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/04/08 17:59:54 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Clean Maestro.lnk
[2014/04/08 15:45:45 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 09:54:01 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/07 20:25:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2014/04/07 12:44:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/04/06 17:02:11 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/05 16:41:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/04/03 16:06:06 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wordpad.lnk
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 16:05:26 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/04/02 10:21:30 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2014/03/31 06:21:06 | 000,036,152 | ---- | M] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2014/03/31 06:20:58 | 000,035,640 | ---- | M] (AVG) -- C:\WINDOWS\System32\uxtuneup.dll
[2014/03/26 11:46:08 | 000,827,392 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2014/03/25 20:39:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2014/03/25 20:38:08 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2014/03/25 19:47:06 | 000,003,694 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DT078A-ABA S6030NX NA410_YC_Pres_QMXK403_E41NAheRED4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.06_T031219_WXH1_L409_M448_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
[2014/03/25 19:46:06 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2014/03/25 19:43:46 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/17 16:41:48 | 002,954,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Document.rtf
[2014/04/17 15:46:48 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/16 14:48:25 | 000,175,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1328348360-3828850535-3708530146-1003-0.dat
[2014/04/16 14:48:18 | 000,143,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/04/16 12:52:09 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Quick Menu.lnk
[2014/04/16 12:44:36 | 000,001,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MG2500 series On-screen Manual.lnk
[2014/04/16 11:36:03 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\CNC176DD.TBL
[2014/04/13 11:42:51 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/12 11:25:00 | 000,000,555 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Pro_sch_FDF323B2-C25E-11E3-B9D5-000EA6422817.job
[2014/04/12 11:16:13 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to reset your Internet Explorer proxy settings..website
[2014/04/08 18:33:45 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 18:14:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/08 18:11:50 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/08 18:08:43 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/08 18:06:00 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/08 18:06:00 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/08 18:06:00 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/08 18:05:53 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/04/08 17:59:54 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Clean Maestro.lnk
[2014/04/08 17:47:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/08 17:45:31 | 000,014,546 | ---- | C] () -- C:\Documents and Settings\Administrator\ml1.srt
[2014/04/08 17:45:31 | 000,014,236 | ---- | C] () -- C:\Documents and Settings\Administrator\ml2.srt
[2014/04/08 17:45:31 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/04/08 17:45:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/08 17:45:31 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk
[2014/04/08 17:45:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2014/04/08 17:45:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/04/08 17:45:30 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2014/04/08 17:45:30 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2014/04/08 17:45:30 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2014/04/08 17:45:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2014/04/08 09:54:01 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/08 09:54:01 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/04/07 20:26:00 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2014/04/07 20:26:00 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/04/07 20:26:00 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
[2014/04/06 17:12:08 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 17:02:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/06 17:02:24 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/06 13:54:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/04/06 13:54:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/04/05 16:50:45 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2014/04/05 16:50:45 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2014/04/05 16:50:45 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2014/04/05 16:50:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2014/04/05 16:50:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2014/04/05 16:50:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2014/04/05 16:50:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2014/04/05 16:50:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2014/04/05 16:50:44 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2014/04/05 16:50:44 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2014/04/05 16:50:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2014/04/05 16:50:43 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2014/04/05 16:50:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2014/04/05 16:50:43 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2014/04/05 16:50:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2014/04/05 16:50:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2014/04/05 16:50:43 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2014/04/05 16:50:43 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2014/04/05 16:50:42 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2014/04/05 16:50:42 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2014/04/05 16:50:42 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2014/04/05 16:50:42 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2014/04/05 16:50:42 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2014/04/05 16:50:42 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2014/04/05 16:50:42 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2014/04/05 16:50:42 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2014/04/05 16:50:42 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2014/04/05 16:50:42 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2014/04/05 16:50:42 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2014/04/05 16:50:42 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2014/04/05 16:50:42 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2014/04/05 16:50:42 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2014/04/05 16:50:42 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2014/04/05 16:50:41 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2014/04/05 16:50:41 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2014/04/05 16:50:41 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2014/04/05 16:50:41 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2014/04/05 16:50:41 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2014/04/05 16:50:41 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2014/04/05 16:50:41 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2014/04/05 16:50:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2014/04/05 16:50:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2014/04/05 16:50:41 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2014/04/05 16:50:41 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2014/04/05 16:50:41 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2014/04/05 16:50:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2014/04/05 16:50:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2014/04/05 16:50:41 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2014/04/05 16:50:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2014/04/05 16:50:41 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2014/04/05 16:50:41 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2014/04/05 16:50:41 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2014/04/05 16:50:41 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2014/04/05 16:50:41 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2014/04/05 16:50:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2014/04/05 16:50:41 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2014/04/05 16:50:41 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2014/04/05 16:50:40 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2014/04/05 16:50:40 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2014/04/05 16:50:40 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2014/04/05 16:50:40 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2014/04/05 16:50:40 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2014/04/05 16:50:40 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2014/04/05 16:50:40 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2014/04/05 16:50:39 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2014/04/05 16:50:39 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2014/04/05 16:50:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2014/04/05 16:50:39 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2014/04/05 16:50:38 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2014/04/05 16:50:38 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2014/04/05 16:50:38 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2014/04/05 16:50:38 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2014/04/05 16:50:38 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2014/04/05 16:50:38 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2014/04/05 16:50:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2014/04/05 16:50:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2014/04/05 16:50:38 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2014/04/05 16:50:38 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2014/04/05 16:50:38 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2014/04/05 16:50:37 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2014/04/03 16:06:06 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wordpad.lnk
[2014/04/02 16:45:30 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014/04/02 16:05:26 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/04/02 11:39:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2014/04/02 10:26:12 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2014/04/02 10:26:12 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2014/04/02 10:26:11 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2014/03/25 22:34:24 | 000,000,196 | RHS- | C] () -- C:\BOOT.BAK
[2014/03/25 22:34:22 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2014/03/25 20:41:14 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/03/25 20:38:53 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2014/03/25 20:36:35 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2014/03/25 19:47:06 | 000,003,694 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_DT078A-ABA S6030NX NA410_YC_Pres_QMXK403_E41NAheRED4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.06_T031219_WXH1_L409_M448_J80_7AMD_8Athlon XP 2800+_92.08_111063044_N11063065_P_Z11C1044C_K_A11063059_U11063038_G11067205.MRK
[2014/03/25 19:08:51 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2014/03/25 19:08:48 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2014/03/25 19:08:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2014/03/25 19:08:43 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2014/03/25 19:08:43 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2014/03/25 19:08:42 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2014/03/25 19:08:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2014/03/25 19:08:41 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2014/03/25 19:08:41 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2014/03/25 19:08:41 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2014/03/25 19:08:41 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2014/03/25 19:08:41 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2014/03/25 19:08:40 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2014/03/25 19:08:40 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2014/03/25 19:08:40 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2014/03/25 19:08:37 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2014/03/25 19:08:33 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2014/03/25 19:08:32 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2014/03/25 19:08:32 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2014/03/25 19:08:30 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2014/03/25 19:08:30 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2014/03/25 19:08:23 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2014/03/25 19:08:22 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2014/03/25 19:08:20 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2014/03/25 19:08:20 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2014/03/25 19:08:19 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2014/03/25 19:08:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2014/03/25 19:08:17 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2014/03/25 19:08:17 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2014/03/25 19:08:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2014/03/25 19:08:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2014/03/25 19:08:12 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2014/03/25 19:08:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2014/03/25 19:08:11 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2014/03/25 19:08:09 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2014/03/25 19:08:09 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2014/03/25 19:08:09 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2014/03/25 19:08:09 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2014/03/25 19:08:09 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2014/03/25 19:08:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2014/03/25 19:08:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2014/03/25 19:08:05 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2014/03/25 19:08:03 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2014/03/25 19:08:03 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2014/03/25 19:08:02 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2014/03/25 19:08:02 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2014/03/25 19:08:02 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2014/03/25 19:08:02 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2014/03/25 19:08:02 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2014/03/25 19:08:02 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2014/03/25 19:08:01 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2014/03/25 19:08:00 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2014/03/25 19:08:00 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2014/03/25 19:08:00 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2014/03/25 19:08:00 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2014/03/25 19:08:00 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2014/03/25 19:08:00 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2014/03/25 19:08:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2014/03/25 19:08:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2014/03/25 19:08:00 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2014/03/25 19:07:59 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2014/03/25 19:07:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2014/03/25 19:07:50 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2014/03/25 19:07:47 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2014/03/25 19:07:47 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2014/03/25 19:07:47 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2014/03/25 19:07:46 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2014/03/25 19:07:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2014/03/25 19:07:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2014/03/25 19:07:40 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2014/03/25 19:07:39 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2014/03/25 19:07:39 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2014/03/25 19:06:23 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2014/03/25 19:06:23 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2014/03/25 19:06:18 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2014/03/25 19:06:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2014/03/25 19:06:16 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2014/03/25 19:05:42 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2014/03/25 19:05:42 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2014/03/25 19:05:40 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2014/03/25 19:05:38 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2014/03/25 19:05:38 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2014/03/25 19:05:37 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2014/03/25 19:05:36 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2014/03/25 19:05:34 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2014/03/25 19:05:33 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2014/03/25 19:05:33 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2014/03/25 19:05:33 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2014/03/25 19:05:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2014/03/25 19:05:32 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2014/03/25 19:05:31 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2014/03/25 19:05:31 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2014/03/25 19:05:31 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2014/03/25 19:05:31 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2014/03/25 19:05:31 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2014/03/25 19:05:30 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2014/03/25 19:05:30 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2014/03/25 19:05:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2014/03/25 19:05:29 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2014/03/25 19:05:04 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2014/03/25 19:05:04 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2014/03/25 19:05:03 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2014/03/25 19:05:03 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2014/03/25 19:05:03 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2014/03/25 19:05:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2014/03/25 19:05:00 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2014/03/25 19:05:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2014/03/25 19:04:56 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2014/03/25 19:04:55 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2014/03/25 19:04:55 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2014/03/25 19:04:55 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2014/03/25 19:04:54 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2014/03/25 19:04:54 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2014/03/25 19:04:53 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2014/03/25 19:04:53 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2014/03/25 19:04:44 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2014/03/25 19:04:44 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2014/03/25 19:04:43 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2014/03/25 19:04:43 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2014/03/25 19:04:43 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2014/03/25 19:04:43 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
========== ZeroAccess Check ==========
[2003/10/11 05:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/04/17 10:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/04/08 17:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CompuClever
[2003/10/14 08:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\interMute
[2014/04/13 16:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Tech Hotline
[2003/10/11 08:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/04/02 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/04/06 17:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/04/16 11:40:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2014/04/16 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2014/04/16 14:25:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2014/04/16 12:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2014/04/02 15:57:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/17 10:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/04/02 16:51:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
========== Purity Check ==========
< End of report >
I see you have some old software installed so lets run another scan and post its log along with a log that it does but doesn't show you.
1.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.
2.
After combofix has ran and produced a log, please navigate to c:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.
Please both both the combofix log and the add-remove programs log.
1.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
- Download this file here :
Combofix
- When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
- Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
- We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
- Close all open Windows including this one.
- Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
- Please click on I agree on the disclaimer window.
- ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
- ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
- Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
- At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
- Please click on yes in the next window to continue scanning for malware.
- ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
- ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
- While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
- When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
- This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
- When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
- Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.
2.
After combofix has ran and produced a log, please navigate to c:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.
Please both both the combofix log and the add-remove programs log.
ComboFix 14-04-17.01 - Administrator 04/18/2014 11:20:50.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.269 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-17 20:46 . 2014-04-03 14:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 20:46 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 15:57 . 2014-04-17 15:57 -------- d-----w- c:\windows\ERUNT
2014-04-17 15:22 . 2014-04-17 15:27 -------- d-----w- C:\AdwCleaner
2014-04-16 16:39 . 2013-03-24 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 317952 ----a-w- c:\windows\system32\CNMLMBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBX.DLL
2014-04-16 16:37 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2014-04-16 16:36 . 2013-02-04 20:10 321536 ----a-w- c:\windows\system32\CNC_BXL.dll
2014-04-16 16:36 . 2012-11-08 18:03 262656 ----a-w- c:\windows\system32\CNC_BXC.dll
2014-04-16 16:36 . 2012-11-08 18:02 96768 ----a-w- c:\windows\system32\CNC_BXI.dll
2014-04-16 16:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-04-08 23:05 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-04-08 22:45 . 2014-04-18 16:27 -------- d-----w- c:\documents and settings\Administrator
2014-04-08 14:54 . 2014-04-08 14:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2014-04-07 22:14 . 2014-04-07 22:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2014-04-06 22:12 . 2014-04-06 22:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-06 22:12 . 2014-04-06 22:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-06 21:38 . 2014-04-13 16:19 -------- d-----w- c:\windows\system32\MRT
2014-04-06 19:25 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-04-06 19:19 . 2013-07-03 01:59 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-04-06 19:18 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-06 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-04-06 18:20 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-04-06 18:12 . 2014-04-07 15:33 -------- d--h--w- c:\windows\$hf_mig$
2014-04-06 17:55 . 2014-04-06 20:54 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-06 17:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-04-06 17:54 . 2014-04-06 17:54 -------- d-----w- C:\236ad1633a15eb7b2aa2604e
2014-04-06 17:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-04-06 17:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-04-06 17:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-04-06 17:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-04-05 21:41 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-05 21:41 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2014-04-03 22:32 . 2014-04-18 15:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 22:16 . 2014-04-03 22:16 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2014-04-03 22:09 . 2014-04-03 22:11 -------- dc-h--w- c:\windows\ie8
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-04-02 21:48 . 2014-03-31 11:20 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2014-04-02 21:45 . 2014-03-31 11:21 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-04-02 21:45 . 2014-04-02 21:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG
2014-04-02 21:05 . 2014-04-02 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2014
2014-04-02 21:04 . 2014-04-02 21:04 -------- d-----w- C:\$AVG
2014-04-02 20:57 . 2014-04-02 23:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2014
2014-04-02 20:57 . 2014-04-02 20:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2014-04-02 16:39 . 2005-06-21 23:56 53248 ----a-w- c:\windows\UpdtNv28.exe
2014-04-02 15:32 . 2014-04-16 17:00 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2014-04-02 15:25 . 2012-06-02 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-02 15:23 . 2014-04-05 21:50 -------- d-----w- c:\windows\ServicePackFiles
2014-04-02 15:19 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2014-04-02 15:17 . 2014-04-07 17:10 -------- d-----w- c:\windows\EHome
2014-03-26 18:48 . 2014-03-26 18:48 -------- d-----w- c:\windows\wt
2014-03-26 16:46 . 2014-03-26 16:46 827392 ----a-w- c:\windows\system32\FLASH.OCX
2014-03-26 16:46 . 2014-03-26 16:46 -------- d-sh--w- c:\windows\ftpcache
2014-03-26 01:45 . 2014-03-26 01:45 -------- d-sh--w- c:\documents and settings\Owner\UserData
2014-03-26 01:39 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2014-03-26 01:39 . 2008-04-14 06:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2014-03-26 01:39 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2014-03-26 01:39 . 2008-04-14 06:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2014-03-26 01:39 . 2008-04-14 04:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2014-03-26 01:39 . 2008-04-14 06:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2014-03-26 01:39 . 2008-04-14 06:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-03-26 01:39 . 2008-04-14 06:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2014-03-26 01:39 . 2008-04-14 05:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-26 01:39 . 2008-04-14 05:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-26 01:39 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2014-03-26 01:39 . 2008-04-14 06:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2014-03-26 01:24 . 2014-04-16 16:37 -------- dcsh--r- c:\windows\system32\dllcache
2014-03-26 00:43 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2014-03-26 00:43 . 2008-04-14 06:09 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2014-03-26 00:07 . 2008-04-14 11:42 36864 ----a-w- c:\windows\system32\netstat.exe
2014-03-26 00:06 . 2008-04-14 11:42 338432 ----a-w- c:\windows\system32\zipfldr.dll
2014-03-26 00:05 . 2002-08-29 10:00 9728 ----a-w- c:\windows\system32\label.exe
2014-03-26 00:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-05 21:53 . 2014-04-05 21:53 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\gnu.dll
2014-04-05 21:53 . 2014-04-05 21:53 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\ZipLib.dll
2014-04-05 21:53 . 2014-04-05 21:53 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\WinVerifyTrust.dll
2014-04-05 21:53 . 2014-04-05 21:53 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\hwinv.dll
2014-04-05 21:53 . 2014-04-05 21:53 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2014-04-05 21:53 . 2014-04-05 21:53 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchapi.dll
2014-04-05 21:53 . 2014-04-05 21:53 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PluginCtrl.dll
2014-04-05 21:53 . 2014-04-05 21:53 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchealthplugin.dll
2014-04-05 21:52 . 2014-04-05 21:52 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchealthde.exe
2014-04-05 21:52 . 2014-04-05 21:52 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pcdapi.dll
2014-04-05 21:52 . 2014-04-05 21:52 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\util.dll
2014-04-05 21:52 . 2014-04-05 21:52 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motivede.dll
2014-04-05 21:52 . 2014-04-05 21:52 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\INV16.dll
2014-04-05 21:52 . 2014-04-05 21:52 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\client_motkt.dll
2014-04-05 21:52 . 2014-04-05 21:52 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\clientutil52.dll
2014-04-05 21:52 . 2014-04-05 21:52 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\ContentUpdater.exe
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2014-04-05 21:52 . 2014-04-05 21:52 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\SearchCtrl.dll
2014-04-05 21:52 . 2014-04-05 21:52 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\msxmlwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\GUI.dll
2014-04-05 21:52 . 2014-04-05 21:52 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2014-04-05 21:52 . 2014-04-05 21:52 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2014-04-05 21:52 . 2014-04-05 21:52 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2014-04-05 21:52 . 2014-04-05 21:52 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2014-04-05 21:52 . 2014-04-05 21:52 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2014-02-07 02:01 . 2003-10-11 10:06 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2002-12-12 14:14 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 03:46 . 2014-01-20 03:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe -q [2003-10-14 557056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe -startup [2003-10-11 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/25/2013 10:56 PM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 11:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/10/2013 1:43 AM 27448]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 5:08 PM 193848]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 10:49 PM 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/25/2013 10:56 PM 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1/19/2014 10:46 PM 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/1/2013 12:00 AM 176952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 10:22 PM 3782672]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 2:33 AM 348008]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/17/2014 3:46 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/17/2014 3:46 PM 857912]
S2 mrtRate;mrtRate; [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/8/2014 6:05 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/8/2014 6:05 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/8/2014 6:05 PM 171416]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3/31/2014 6:21 AM 1805624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2014 3:46 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [4/3/2014 5:32 PM 107736]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2/10/2014 1:06 PM 12320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 23:13 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 22:12]
.
2014-04-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-08 15:57]
.
2014-03-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-16 05:37]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-08 15:49]
.
2014-04-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-08 15:51]
.
2003-10-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-10-14 07:17]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RecordNow! - (no file)
HKCU-Run-PC Clean Maestro Startup - c:\program files\CompuClever\PC Clean Maestro\pccum.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1328348360-3828850535-3708530146-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-18 11:30:40
ComboFix-quarantined-files.txt 2014-04-18 16:30
.
Pre-Run: 54,933,184,512 bytes free
Post-Run: 55,224,369,152 bytes free
.
- - End Of File - - 96E6309D94616905B41BFC75B5654A24
8CC68602644010DFDB2A22CB60DDF258
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.269 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-17 20:46 . 2014-04-03 14:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 20:46 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 15:57 . 2014-04-17 15:57 -------- d-----w- c:\windows\ERUNT
2014-04-17 15:22 . 2014-04-17 15:27 -------- d-----w- C:\AdwCleaner
2014-04-16 16:39 . 2013-03-24 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 317952 ----a-w- c:\windows\system32\CNMLMBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBX.DLL
2014-04-16 16:37 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2014-04-16 16:36 . 2013-02-04 20:10 321536 ----a-w- c:\windows\system32\CNC_BXL.dll
2014-04-16 16:36 . 2012-11-08 18:03 262656 ----a-w- c:\windows\system32\CNC_BXC.dll
2014-04-16 16:36 . 2012-11-08 18:02 96768 ----a-w- c:\windows\system32\CNC_BXI.dll
2014-04-16 16:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-04-08 23:05 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-04-08 22:45 . 2014-04-18 16:27 -------- d-----w- c:\documents and settings\Administrator
2014-04-08 14:54 . 2014-04-08 14:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2014-04-07 22:14 . 2014-04-07 22:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2014-04-06 22:12 . 2014-04-06 22:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-06 22:12 . 2014-04-06 22:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-06 21:38 . 2014-04-13 16:19 -------- d-----w- c:\windows\system32\MRT
2014-04-06 19:25 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-04-06 19:19 . 2013-07-03 01:59 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-04-06 19:18 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-06 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-04-06 18:20 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-04-06 18:12 . 2014-04-07 15:33 -------- d--h--w- c:\windows\$hf_mig$
2014-04-06 17:55 . 2014-04-06 20:54 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-06 17:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-04-06 17:54 . 2014-04-06 17:54 -------- d-----w- C:\236ad1633a15eb7b2aa2604e
2014-04-06 17:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-04-06 17:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-04-06 17:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-04-06 17:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-04-05 21:41 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-05 21:41 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2014-04-03 22:32 . 2014-04-18 15:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 22:16 . 2014-04-03 22:16 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2014-04-03 22:09 . 2014-04-03 22:11 -------- dc-h--w- c:\windows\ie8
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-04-02 21:48 . 2014-03-31 11:20 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2014-04-02 21:45 . 2014-03-31 11:21 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-04-02 21:45 . 2014-04-02 21:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG
2014-04-02 21:05 . 2014-04-02 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2014
2014-04-02 21:04 . 2014-04-02 21:04 -------- d-----w- C:\$AVG
2014-04-02 20:57 . 2014-04-02 23:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2014
2014-04-02 20:57 . 2014-04-02 20:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2014-04-02 16:39 . 2005-06-21 23:56 53248 ----a-w- c:\windows\UpdtNv28.exe
2014-04-02 15:32 . 2014-04-16 17:00 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2014-04-02 15:25 . 2012-06-02 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-02 15:23 . 2014-04-05 21:50 -------- d-----w- c:\windows\ServicePackFiles
2014-04-02 15:19 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2014-04-02 15:17 . 2014-04-07 17:10 -------- d-----w- c:\windows\EHome
2014-03-26 18:48 . 2014-03-26 18:48 -------- d-----w- c:\windows\wt
2014-03-26 16:46 . 2014-03-26 16:46 827392 ----a-w- c:\windows\system32\FLASH.OCX
2014-03-26 16:46 . 2014-03-26 16:46 -------- d-sh--w- c:\windows\ftpcache
2014-03-26 01:45 . 2014-03-26 01:45 -------- d-sh--w- c:\documents and settings\Owner\UserData
2014-03-26 01:39 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2014-03-26 01:39 . 2008-04-14 06:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2014-03-26 01:39 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2014-03-26 01:39 . 2008-04-14 06:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2014-03-26 01:39 . 2008-04-14 04:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2014-03-26 01:39 . 2008-04-14 06:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2014-03-26 01:39 . 2008-04-14 06:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-03-26 01:39 . 2008-04-14 06:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2014-03-26 01:39 . 2008-04-14 05:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-26 01:39 . 2008-04-14 05:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-26 01:39 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2014-03-26 01:39 . 2008-04-14 06:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2014-03-26 01:24 . 2014-04-16 16:37 -------- dcsh--r- c:\windows\system32\dllcache
2014-03-26 00:43 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2014-03-26 00:43 . 2008-04-14 06:09 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2014-03-26 00:07 . 2008-04-14 11:42 36864 ----a-w- c:\windows\system32\netstat.exe
2014-03-26 00:06 . 2008-04-14 11:42 338432 ----a-w- c:\windows\system32\zipfldr.dll
2014-03-26 00:05 . 2002-08-29 10:00 9728 ----a-w- c:\windows\system32\label.exe
2014-03-26 00:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-05 21:53 . 2014-04-05 21:53 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\gnu.dll
2014-04-05 21:53 . 2014-04-05 21:53 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\ZipLib.dll
2014-04-05 21:53 . 2014-04-05 21:53 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\WinVerifyTrust.dll
2014-04-05 21:53 . 2014-04-05 21:53 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\hwinv.dll
2014-04-05 21:53 . 2014-04-05 21:53 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2014-04-05 21:53 . 2014-04-05 21:53 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchapi.dll
2014-04-05 21:53 . 2014-04-05 21:53 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PluginCtrl.dll
2014-04-05 21:53 . 2014-04-05 21:53 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchealthplugin.dll
2014-04-05 21:52 . 2014-04-05 21:52 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchealthde.exe
2014-04-05 21:52 . 2014-04-05 21:52 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pcdapi.dll
2014-04-05 21:52 . 2014-04-05 21:52 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\util.dll
2014-04-05 21:52 . 2014-04-05 21:52 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motivede.dll
2014-04-05 21:52 . 2014-04-05 21:52 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\INV16.dll
2014-04-05 21:52 . 2014-04-05 21:52 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\client_motkt.dll
2014-04-05 21:52 . 2014-04-05 21:52 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\clientutil52.dll
2014-04-05 21:52 . 2014-04-05 21:52 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\ContentUpdater.exe
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2014-04-05 21:52 . 2014-04-05 21:52 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\SearchCtrl.dll
2014-04-05 21:52 . 2014-04-05 21:52 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\msxmlwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\GUI.dll
2014-04-05 21:52 . 2014-04-05 21:52 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2014-04-05 21:52 . 2014-04-05 21:52 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2014-04-05 21:52 . 2014-04-05 21:52 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2014-04-05 21:52 . 2014-04-05 21:52 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2014-04-05 21:52 . 2014-04-05 21:52 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2014-02-07 02:01 . 2003-10-11 10:06 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2002-12-12 14:14 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 03:46 . 2014-01-20 03:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe -q [2003-10-14 557056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe -startup [2003-10-11 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/25/2013 10:56 PM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 11:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/10/2013 1:43 AM 27448]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 5:08 PM 193848]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 10:49 PM 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/25/2013 10:56 PM 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1/19/2014 10:46 PM 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/1/2013 12:00 AM 176952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 10:22 PM 3782672]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 2:33 AM 348008]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/17/2014 3:46 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/17/2014 3:46 PM 857912]
S2 mrtRate;mrtRate; [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/8/2014 6:05 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/8/2014 6:05 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/8/2014 6:05 PM 171416]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3/31/2014 6:21 AM 1805624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2014 3:46 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [4/3/2014 5:32 PM 107736]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2/10/2014 1:06 PM 12320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 23:13 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 22:12]
.
2014-04-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-08 15:57]
.
2014-03-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-16 05:37]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-08 15:49]
.
2014-04-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-08 15:51]
.
2003-10-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-10-14 07:17]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RecordNow! - (no file)
HKCU-Run-PC Clean Maestro Startup - c:\program files\CompuClever\PC Clean Maestro\pccum.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1328348360-3828850535-3708530146-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-18 11:30:40
ComboFix-quarantined-files.txt 2014-04-18 16:30
.
Pre-Run: 54,933,184,512 bytes free
Post-Run: 55,224,369,152 bytes free
.
- - End Of File - - 96E6309D94616905B41BFC75B5654A24
8CC68602644010DFDB2A22CB60DDF258
Adobe Flash Player 12 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AiO_Scan
AIOMinimal
AiOSoftware
AVG 2014
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Canon IJ Scan Utility
Canon MG2500 series MP Drivers
Canon MG2500 series On-screen Manual
Canon MG2500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
Compaq Connections
Compaq Instant Support
Copy
CreativeProjects
Director
DocProc
Easy Internet Sign-up
Excavation from Compaq (remove only)
Fax
Five Card Frenzy from Compaq (remove only)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstallConverter
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2
KBD
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
NVIDIA GART Driver
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Overball from Compaq (remove only)
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
Readme
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Slyder from Compaq (remove only)
Sonic Update Manager
SpamSubtract
Speccy
Spybot - Search & Destroy
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Companion
Zone Deluxe Games
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AiO_Scan
AIOMinimal
AiOSoftware
AVG 2014
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Canon IJ Scan Utility
Canon MG2500 series MP Drivers
Canon MG2500 series On-screen Manual
Canon MG2500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
Compaq Connections
Compaq Instant Support
Copy
CreativeProjects
Director
DocProc
Easy Internet Sign-up
Excavation from Compaq (remove only)
Fax
Five Card Frenzy from Compaq (remove only)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstallConverter
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2
KBD
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
NVIDIA GART Driver
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Overball from Compaq (remove only)
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
Readme
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Slyder from Compaq (remove only)
Sonic Update Manager
SpamSubtract
Speccy
Spybot - Search & Destroy
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Companion
Zone Deluxe Games
Please uninstall the following programs.
Adobe Reader 6.0
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Java 2 Runtime Environment, SE v1.4.2
LiveUpdate 1.90 (Symantec Corporation)
avg pctuneup is garbage. Then download the latest version of java and Adobe reader here.
www.java.com
http://get.adobe.com/reader/
Make sure you uncheck ask software when installing java and mcafee security scan when installing Adobe reader.
Go into internet options in control panel and go to the connections tab, click on the lan settings button, make sure that "automatically detect settings" is checked, make sure "proxy server" is unchecked and then go into the advanced tab and click on both reset buttons at the bottom. Restart pc and let me know if you have internet now.
Adobe Reader 6.0
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Java 2 Runtime Environment, SE v1.4.2
LiveUpdate 1.90 (Symantec Corporation)
avg pctuneup is garbage. Then download the latest version of java and Adobe reader here.
www.java.com
http://get.adobe.com/reader/
Make sure you uncheck ask software when installing java and mcafee security scan when installing Adobe reader.
Go into internet options in control panel and go to the connections tab, click on the lan settings button, make sure that "automatically detect settings" is checked, make sure "proxy server" is unchecked and then go into the advanced tab and click on both reset buttons at the bottom. Restart pc and let me know if you have internet now.
ComboFix 14-04-17.01 - Administrator 04/18/2014 11:20:50.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.269 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-17 20:46 . 2014-04-03 14:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 20:46 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 15:57 . 2014-04-17 15:57 -------- d-----w- c:\windows\ERUNT
2014-04-17 15:22 . 2014-04-17 15:27 -------- d-----w- C:\AdwCleaner
2014-04-16 16:39 . 2013-03-24 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 317952 ----a-w- c:\windows\system32\CNMLMBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBX.DLL
2014-04-16 16:37 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2014-04-16 16:36 . 2013-02-04 20:10 321536 ----a-w- c:\windows\system32\CNC_BXL.dll
2014-04-16 16:36 . 2012-11-08 18:03 262656 ----a-w- c:\windows\system32\CNC_BXC.dll
2014-04-16 16:36 . 2012-11-08 18:02 96768 ----a-w- c:\windows\system32\CNC_BXI.dll
2014-04-16 16:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-04-08 23:05 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-04-08 22:45 . 2014-04-18 16:27 -------- d-----w- c:\documents and settings\Administrator
2014-04-08 14:54 . 2014-04-08 14:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2014-04-07 22:14 . 2014-04-07 22:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2014-04-06 22:12 . 2014-04-06 22:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-06 22:12 . 2014-04-06 22:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-06 21:38 . 2014-04-13 16:19 -------- d-----w- c:\windows\system32\MRT
2014-04-06 19:25 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-04-06 19:19 . 2013-07-03 01:59 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-04-06 19:18 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-06 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-04-06 18:20 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-04-06 18:12 . 2014-04-07 15:33 -------- d--h--w- c:\windows\$hf_mig$
2014-04-06 17:55 . 2014-04-06 20:54 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-06 17:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-04-06 17:54 . 2014-04-06 17:54 -------- d-----w- C:\236ad1633a15eb7b2aa2604e
2014-04-06 17:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-04-06 17:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-04-06 17:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-04-06 17:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-04-05 21:41 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-05 21:41 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2014-04-03 22:32 . 2014-04-18 15:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 22:16 . 2014-04-03 22:16 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2014-04-03 22:09 . 2014-04-03 22:11 -------- dc-h--w- c:\windows\ie8
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-04-02 21:48 . 2014-03-31 11:20 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2014-04-02 21:45 . 2014-03-31 11:21 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-04-02 21:45 . 2014-04-02 21:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG
2014-04-02 21:05 . 2014-04-02 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2014
2014-04-02 21:04 . 2014-04-02 21:04 -------- d-----w- C:\$AVG
2014-04-02 20:57 . 2014-04-02 23:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2014
2014-04-02 20:57 . 2014-04-02 20:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2014-04-02 16:39 . 2005-06-21 23:56 53248 ----a-w- c:\windows\UpdtNv28.exe
2014-04-02 15:32 . 2014-04-16 17:00 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2014-04-02 15:25 . 2012-06-02 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-02 15:23 . 2014-04-05 21:50 -------- d-----w- c:\windows\ServicePackFiles
2014-04-02 15:19 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2014-04-02 15:17 . 2014-04-07 17:10 -------- d-----w- c:\windows\EHome
2014-03-26 18:48 . 2014-03-26 18:48 -------- d-----w- c:\windows\wt
2014-03-26 16:46 . 2014-03-26 16:46 827392 ----a-w- c:\windows\system32\FLASH.OCX
2014-03-26 16:46 . 2014-03-26 16:46 -------- d-sh--w- c:\windows\ftpcache
2014-03-26 01:45 . 2014-03-26 01:45 -------- d-sh--w- c:\documents and settings\Owner\UserData
2014-03-26 01:39 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2014-03-26 01:39 . 2008-04-14 06:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2014-03-26 01:39 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2014-03-26 01:39 . 2008-04-14 06:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2014-03-26 01:39 . 2008-04-14 04:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2014-03-26 01:39 . 2008-04-14 06:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2014-03-26 01:39 . 2008-04-14 06:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-03-26 01:39 . 2008-04-14 06:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2014-03-26 01:39 . 2008-04-14 05:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-26 01:39 . 2008-04-14 05:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-26 01:39 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2014-03-26 01:39 . 2008-04-14 06:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2014-03-26 01:24 . 2014-04-16 16:37 -------- dcsh--r- c:\windows\system32\dllcache
2014-03-26 00:43 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2014-03-26 00:43 . 2008-04-14 06:09 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2014-03-26 00:07 . 2008-04-14 11:42 36864 ----a-w- c:\windows\system32\netstat.exe
2014-03-26 00:06 . 2008-04-14 11:42 338432 ----a-w- c:\windows\system32\zipfldr.dll
2014-03-26 00:05 . 2002-08-29 10:00 9728 ----a-w- c:\windows\system32\label.exe
2014-03-26 00:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-05 21:53 . 2014-04-05 21:53 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\gnu.dll
2014-04-05 21:53 . 2014-04-05 21:53 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\ZipLib.dll
2014-04-05 21:53 . 2014-04-05 21:53 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\WinVerifyTrust.dll
2014-04-05 21:53 . 2014-04-05 21:53 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\hwinv.dll
2014-04-05 21:53 . 2014-04-05 21:53 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2014-04-05 21:53 . 2014-04-05 21:53 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchapi.dll
2014-04-05 21:53 . 2014-04-05 21:53 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PluginCtrl.dll
2014-04-05 21:53 . 2014-04-05 21:53 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchealthplugin.dll
2014-04-05 21:52 . 2014-04-05 21:52 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchealthde.exe
2014-04-05 21:52 . 2014-04-05 21:52 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pcdapi.dll
2014-04-05 21:52 . 2014-04-05 21:52 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\util.dll
2014-04-05 21:52 . 2014-04-05 21:52 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motivede.dll
2014-04-05 21:52 . 2014-04-05 21:52 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\INV16.dll
2014-04-05 21:52 . 2014-04-05 21:52 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\client_motkt.dll
2014-04-05 21:52 . 2014-04-05 21:52 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\clientutil52.dll
2014-04-05 21:52 . 2014-04-05 21:52 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\ContentUpdater.exe
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2014-04-05 21:52 . 2014-04-05 21:52 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\SearchCtrl.dll
2014-04-05 21:52 . 2014-04-05 21:52 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\msxmlwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\GUI.dll
2014-04-05 21:52 . 2014-04-05 21:52 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2014-04-05 21:52 . 2014-04-05 21:52 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2014-04-05 21:52 . 2014-04-05 21:52 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2014-04-05 21:52 . 2014-04-05 21:52 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2014-04-05 21:52 . 2014-04-05 21:52 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2014-02-07 02:01 . 2003-10-11 10:06 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2002-12-12 14:14 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 03:46 . 2014-01-20 03:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe -q [2003-10-14 557056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe -startup [2003-10-11 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/25/2013 10:56 PM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 11:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/10/2013 1:43 AM 27448]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 5:08 PM 193848]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 10:49 PM 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/25/2013 10:56 PM 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1/19/2014 10:46 PM 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/1/2013 12:00 AM 176952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 10:22 PM 3782672]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 2:33 AM 348008]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/17/2014 3:46 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/17/2014 3:46 PM 857912]
S2 mrtRate;mrtRate; [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/8/2014 6:05 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/8/2014 6:05 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/8/2014 6:05 PM 171416]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3/31/2014 6:21 AM 1805624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2014 3:46 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [4/3/2014 5:32 PM 107736]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2/10/2014 1:06 PM 12320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 23:13 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 22:12]
.
2014-04-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-08 15:57]
.
2014-03-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-16 05:37]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-08 15:49]
.
2014-04-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-08 15:51]
.
2003-10-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-10-14 07:17]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RecordNow! - (no file)
HKCU-Run-PC Clean Maestro Startup - c:\program files\CompuClever\PC Clean Maestro\pccum.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1328348360-3828850535-3708530146-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-18 11:30:40
ComboFix-quarantined-files.txt 2014-04-18 16:30
.
Pre-Run: 54,933,184,512 bytes free
Post-Run: 55,224,369,152 bytes free
.
- - End Of File - - 96E6309D94616905B41BFC75B5654A24
8CC68602644010DFDB2A22CB60DDF258
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.269 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-17 20:46 . 2014-04-03 14:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 20:46 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 15:57 . 2014-04-17 15:57 -------- d-----w- c:\windows\ERUNT
2014-04-17 15:22 . 2014-04-17 15:27 -------- d-----w- C:\AdwCleaner
2014-04-16 16:39 . 2013-03-24 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 317952 ----a-w- c:\windows\system32\CNMLMBX.DLL
2014-04-16 16:39 . 2013-03-24 10:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBX.DLL
2014-04-16 16:37 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2014-04-16 16:36 . 2013-02-04 20:10 321536 ----a-w- c:\windows\system32\CNC_BXL.dll
2014-04-16 16:36 . 2012-11-08 18:03 262656 ----a-w- c:\windows\system32\CNC_BXC.dll
2014-04-16 16:36 . 2012-11-08 18:02 96768 ----a-w- c:\windows\system32\CNC_BXI.dll
2014-04-16 16:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-04-08 23:05 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-04-08 22:45 . 2014-04-18 16:27 -------- d-----w- c:\documents and settings\Administrator
2014-04-08 14:54 . 2014-04-08 14:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2014-04-07 22:14 . 2014-04-07 22:14 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2014-04-06 22:12 . 2014-04-06 22:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-06 22:12 . 2014-04-06 22:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-06 21:38 . 2014-04-13 16:19 -------- d-----w- c:\windows\system32\MRT
2014-04-06 19:25 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-04-06 19:19 . 2013-07-03 01:59 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-04-06 19:18 . 2013-08-09 00:55 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-06 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-04-06 18:20 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-04-06 18:12 . 2014-04-07 15:33 -------- d--h--w- c:\windows\$hf_mig$
2014-04-06 17:55 . 2014-04-06 20:54 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-06 17:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-04-06 17:54 . 2014-04-06 17:54 -------- d-----w- C:\236ad1633a15eb7b2aa2604e
2014-04-06 17:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-04-06 17:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-04-06 17:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-04-06 17:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-04-05 21:41 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-05 21:41 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2014-04-03 22:32 . 2014-04-18 15:35 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 22:16 . 2014-04-03 22:16 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-04-03 22:14 . 2014-04-03 22:14 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2014-04-03 22:09 . 2014-04-03 22:11 -------- dc-h--w- c:\windows\ie8
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-04-03 21:47 . 2014-04-03 21:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-04-02 21:48 . 2014-03-31 11:20 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2014-04-02 21:45 . 2014-03-31 11:21 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-04-02 21:45 . 2014-04-02 21:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG
2014-04-02 21:05 . 2014-04-02 21:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2014
2014-04-02 21:04 . 2014-04-02 21:04 -------- d-----w- C:\$AVG
2014-04-02 20:57 . 2014-04-02 23:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2014
2014-04-02 20:57 . 2014-04-02 20:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2014-04-02 16:39 . 2005-06-21 23:56 53248 ----a-w- c:\windows\UpdtNv28.exe
2014-04-02 15:32 . 2014-04-16 17:00 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2014-04-02 15:25 . 2012-06-02 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-02 15:23 . 2014-04-05 21:50 -------- d-----w- c:\windows\ServicePackFiles
2014-04-02 15:19 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2014-04-02 15:17 . 2014-04-07 17:10 -------- d-----w- c:\windows\EHome
2014-03-26 18:48 . 2014-03-26 18:48 -------- d-----w- c:\windows\wt
2014-03-26 16:46 . 2014-03-26 16:46 827392 ----a-w- c:\windows\system32\FLASH.OCX
2014-03-26 16:46 . 2014-03-26 16:46 -------- d-sh--w- c:\windows\ftpcache
2014-03-26 01:45 . 2014-03-26 01:45 -------- d-sh--w- c:\documents and settings\Owner\UserData
2014-03-26 01:39 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2014-03-26 01:39 . 2008-04-14 06:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2014-03-26 01:39 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2014-03-26 01:39 . 2008-04-14 06:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2014-03-26 01:39 . 2008-04-14 04:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2014-03-26 01:39 . 2008-04-14 06:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2014-03-26 01:39 . 2008-04-14 06:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2014-03-26 01:39 . 2008-04-14 06:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2014-03-26 01:39 . 2008-04-14 05:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-26 01:39 . 2008-04-14 05:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-26 01:39 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2014-03-26 01:39 . 2008-04-14 06:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2014-03-26 01:24 . 2014-04-16 16:37 -------- dcsh--r- c:\windows\system32\dllcache
2014-03-26 00:43 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2014-03-26 00:43 . 2008-04-14 06:09 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2014-03-26 00:07 . 2008-04-14 11:42 36864 ----a-w- c:\windows\system32\netstat.exe
2014-03-26 00:06 . 2008-04-14 11:42 338432 ----a-w- c:\windows\system32\zipfldr.dll
2014-03-26 00:05 . 2002-08-29 10:00 9728 ----a-w- c:\windows\system32\label.exe
2014-03-26 00:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-05 21:53 . 2014-04-05 21:53 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\gnu.dll
2014-04-05 21:53 . 2014-04-05 21:53 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\ZipLib.dll
2014-04-05 21:53 . 2014-04-05 21:53 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\WinVerifyTrust.dll
2014-04-05 21:53 . 2014-04-05 21:53 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\hwinv.dll
2014-04-05 21:53 . 2014-04-05 21:53 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2014-04-05 21:53 . 2014-04-05 21:53 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchapi.dll
2014-04-05 21:53 . 2014-04-05 21:53 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PluginCtrl.dll
2014-04-05 21:53 . 2014-04-05 21:53 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchealthplugin.dll
2014-04-05 21:52 . 2014-04-05 21:52 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchealthde.exe
2014-04-05 21:52 . 2014-04-05 21:52 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pcdapi.dll
2014-04-05 21:52 . 2014-04-05 21:52 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\util.dll
2014-04-05 21:52 . 2014-04-05 21:52 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motivede.dll
2014-04-05 21:52 . 2014-04-05 21:52 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\INV16.dll
2014-04-05 21:52 . 2014-04-05 21:52 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\client_motkt.dll
2014-04-05 21:52 . 2014-04-05 21:52 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\clientutil52.dll
2014-04-05 21:52 . 2014-04-05 21:52 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\ContentUpdater.exe
2014-04-05 21:52 . 2014-04-05 21:52 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2014-04-05 21:52 . 2014-04-05 21:52 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\SearchCtrl.dll
2014-04-05 21:52 . 2014-04-05 21:52 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\msxmlwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\GUI.dll
2014-04-05 21:52 . 2014-04-05 21:52 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2014-04-05 21:52 . 2014-04-05 21:52 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2014-04-05 21:52 . 2014-04-05 21:52 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2014-04-05 21:52 . 2014-04-05 21:52 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2014-04-05 21:52 . 2014-04-05 21:52 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2014-04-05 21:52 . 2014-04-05 21:52 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2014-04-05 21:52 . 2014-04-05 21:52 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2014-02-07 02:01 . 2003-10-11 10:06 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2002-12-12 14:14 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 03:46 . 2014-01-20 03:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe -q [2003-10-14 557056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe -startup [2003-10-11 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/25/2013 10:56 PM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [10/31/2013 11:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/10/2013 1:43 AM 27448]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 5:08 PM 193848]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 10:49 PM 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [11/25/2013 10:56 PM 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1/19/2014 10:46 PM 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/1/2013 12:00 AM 176952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 10:22 PM 3782672]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 2:33 AM 348008]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/17/2014 3:46 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/17/2014 3:46 PM 857912]
S2 mrtRate;mrtRate; [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/8/2014 6:05 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/8/2014 6:05 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/8/2014 6:05 PM 171416]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3/31/2014 6:21 AM 1805624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/17/2014 3:46 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [4/3/2014 5:32 PM 107736]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2/10/2014 1:06 PM 12320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 23:13 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 22:12]
.
2014-04-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-08 15:57]
.
2014-03-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-08-16 05:37]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-08 23:08]
.
2014-04-18 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-06 01:59]
.
2014-04-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-08 15:49]
.
2014-04-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-08 15:51]
.
2003-10-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-10-14 07:17]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oj99jesp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RecordNow! - (no file)
HKCU-Run-PC Clean Maestro Startup - c:\program files\CompuClever\PC Clean Maestro\pccum.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-18 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1328348360-3828850535-3708530146-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,d1,e1,ac,a2,26,45,47,b3,7c,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-18 11:30:40
ComboFix-quarantined-files.txt 2014-04-18 16:30
.
Pre-Run: 54,933,184,512 bytes free
Post-Run: 55,224,369,152 bytes free
.
- - End Of File - - 96E6309D94616905B41BFC75B5654A24
8CC68602644010DFDB2A22CB60DDF258
Uninstalled 5 items,but not in safe mode.It worked in reg mode.
2 modules in the avg couldn't be unregistered-DSeShExt-x86 and sdshelex-win32
www.java.com and http://getadobe.comreader both loaded OK but when run got this
message-wndow installer service is not accessable in safe mode so I have only the setup
icon.I set the internet options in ctr panel ok.
Internet explorer don't work yet.Safe mode works pretty good.
2 modules in the avg couldn't be unregistered-DSeShExt-x86 and sdshelex-win32
www.java.com and http://getadobe.comreader both loaded OK but when run got this
message-wndow installer service is not accessable in safe mode so I have only the setup
icon.I set the internet options in ctr panel ok.
Internet explorer don't work yet.Safe mode works pretty good.
Hi, Thanks for your time,it sure has helped me get this far.
Back again.I downloaded both Java updates 51 & adobe reader K1,Hope they were the right ones.
I lost the IE in safe mode and don't know what caused that .I got IE in regular mode but really slow.
I get an IE script error(An error occurred in the script on the page.Do you want to contiue with script on this
page) Yes or NO. Also before that I got an error Char-8508 & Char 4111.
It takes along time to boot up maybe 10 minutes. It says microsoft updates are ready to download ant it says it was successful.
I look inmy updates and nothing there after rebooting.There waqs one on the 4-18 2014 otherwise all were done on the4-6-14
Last update 4-18-14 was Windows power shell(tm)1.0
I enabled active scripting,but something has to be done on scripting to get rid of the errors.
Back again.I downloaded both Java updates 51 & adobe reader K1,Hope they were the right ones.
I lost the IE in safe mode and don't know what caused that .I got IE in regular mode but really slow.
I get an IE script error(An error occurred in the script on the page.Do you want to contiue with script on this
page) Yes or NO. Also before that I got an error Char-8508 & Char 4111.
It takes along time to boot up maybe 10 minutes. It says microsoft updates are ready to download ant it says it was successful.
I look inmy updates and nothing there after rebooting.There waqs one on the 4-18 2014 otherwise all were done on the4-6-14
Last update 4-18-14 was Windows power shell(tm)1.0
I enabled active scripting,but something has to be done on scripting to get rid of the errors.
Ok, try one more scan and if nothing shows up then you either have a failing hard drive or windows is just so corrupt that you need to reinstall it.
You may have a rootkit/bootkit that is causing the slow bootup. Do the following.
Please download and run TDSSkiller
When the program opens, click on the start scan button.
TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.
After trying to clean them it will pop up with the results of the scan and its actions.
Please reboot the system if asked to do so.
After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Please open the log and copy and paste it back here.
You may have a rootkit/bootkit that is causing the slow bootup. Do the following.
Please download and run TDSSkiller
When the program opens, click on the start scan button.
TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.
After trying to clean them it will pop up with the results of the scan and its actions.
Please reboot the system if asked to do so.
After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Please open the log and copy and paste it back here.