Solved Virus removal on KW computer

Discussion in 'Malware and Virus Removal Archive' started by rwirsig, 2013/09/03.

  1. 2013/09/03
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    Joined:
    2013/08/09
    Messages:
    174
    Likes Received:
    0
    [Resolved] Virus removal on KW computer

    Please help with virus removal for KW computer (which was my former computer). Malware logs are posted below:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.03.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ralph :: KWPC [administrator]

    9/3/2013 8:26:20 AM
    MBAM-log-2013-09-03 (08-48-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 323463
    Time elapsed: 11 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\AppDataLow\Software\PricePeep (PUP.Optional.PricePeep.A) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\Ralph\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> No action taken.

    Files Detected: 39
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\16944.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\17475.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\17513.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\19379.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\21224.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\2229.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\4489.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\450.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\5349.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\7038.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> No action taken.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> No action taken.

    (end)
     
  2. 2013/09/03
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2013/09/03
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    Joined:
    2013/08/09
    Messages:
    174
    Likes Received:
    0
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.03.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ralph :: KWPC [administrator]

    9/3/2013 11:14:34 AM
    mbam-log-2013-09-03 (11-14-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 324710
    Time elapsed: 11 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\Ralph\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

    Files Detected: 34
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\21356.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\2229.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\27472.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\4489.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\450.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ralph\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

    (end)
     
  5. 2013/09/03
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    Joined:
    2013/08/09
    Messages:
    174
    Likes Received:
    0
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by Ralph at 11:38:04 on 2013-09-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.200 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\OtShot\otshot.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Browny02\BrYNSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\DriverUpdate\DriverUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.tdwaterhouse.ca/products-services/investing/index.jsp
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: KeyBar 1.8 Toolbar: {9ED31F84-C8B3-4926-B950-DFF74047FF79} - c:\program files\keybar_1.8\prxtbKeyB.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKeyB.dll
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [ConduitFloatingPlugin_bieggkdbhfmhhgllongmgdegafngmmne] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3311667\plugins\TBVerifier.dll ",RunConduitFloatingPlugin bieggkdbhfmhhgllongmgdegafngmmne
    uRun: [DriverUpdate] "c:\program files\driverupdate\DriverUpdate.exe" -boot
    mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: mcafee.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184190135625
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
    TCP: NameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    TCP: Interfaces\{5D0BA342-F8C6-4BE9-84DA-02DB837608B3} : DHCPNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - <orphaned>
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - <orphaned>
    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - <orphaned>
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\documents and settings\ralph\my documents\backup of d drive on old dell\qualcomm\eudora pro\EUSHLEXT.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ralph\application data\mozilla\firefox\profiles\qwgywtfx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=61&CUI=&UM=2
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
    FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.webcake.installId - f7d9fac4-c7f3-4d5f-bd6a-3992e697686d
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 246072]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 182072]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-28 37664]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
    R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-2-1 245760]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-2 40776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9ef4e47b9dac;Google Update Service (gupdate1c9ef4e47b9dac);c:\program files\google\update\GoogleUpdate.exe [2009-6-17 133104]
    S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\ralph\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ralph\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-9-7 20032]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-12 36640]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-7 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-7 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-7 136808]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-17 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    .
    =============== File Associations ===============
    .
    ShellExec: sbewin32.exe: open= "c:\program files\sonic\backup mypc deluxe\backup mypc deluxe\sbewin32.exe "
    .
    =============== Created Last 30 ================
    .
    2013-09-03 15:33:27 -------- d-----w- c:\documents and settings\ralph\application data\PriceGong
    2013-09-03 14:45:04 -------- d-----w- c:\program files\DriverUpdate
    2013-09-02 11:14:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-08-29 14:33:28 -------- d-----w- C:\Microsoft
    2013-08-27 15:01:47 -------- d-----w- c:\documents and settings\ralph\application data\Optimizer Pro
    2013-08-27 14:59:34 -------- d-----w- c:\documents and settings\ralph\local settings\application data\KeyBar_1.8
    2013-08-27 14:59:33 -------- d-----w- c:\program files\KeyBar_1.8
    2013-08-27 14:59:08 -------- d-----w- c:\documents and settings\ralph\local settings\application data\CRE
    2013-08-27 14:59:08 -------- d-----w- c:\documents and settings\ralph\local settings\application data\Conduit
    2013-08-27 14:59:07 -------- d-----w- c:\program files\Conduit
    2013-08-27 14:57:10 -------- d-----w- c:\program files\FileOpenerPro
    2013-08-27 14:56:36 -------- d-----w- c:\program files\SearchProtect
    2013-08-27 14:55:08 -------- d-----w- c:\documents and settings\ralph\application data\SearchProtect
    2013-08-27 14:53:30 -------- d-----w- c:\program files\OtShot
    2013-08-14 12:07:52 -------- d-----w- c:\windows\system32\MRT
    .
    ==================== Find3M ====================
    .
    2013-09-03 14:46:18 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-08-21 09:10:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-08-21 09:10:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-03 18:18:38 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-10 05:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-28 14:38:10 286720 ----a-w- c:\windows\iun506.exe
    2013-06-26 16:34:29 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2009-01-21 16:14:40 9780224 -c--a-w- c:\program files\openofficeorg30.msi
    2002-03-11 09:06:30 1822520 -c--a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45:04 1708856 -c--a-w- c:\program files\instmsia.exe
    .
    ============= FINISH: 11:39:50.01 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/14/2012 6:24:08 PM
    System Uptime: 9/2/2013 3:19:07 PM (20 hours ago)
    .
    Motherboard: Dell Inc. | | 0J8885
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 44.54 GiB free.
    D: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: TI Technologies Inc.
    Description: RADEON X600 256MB HyperMemory Secondary
    Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X600 256MB HyperMemory Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Service: ati2mtag
    .
    ==== System Restore Points ===================
    .
    RP431: 6/5/2013 3:09:44 PM - System Checkpoint
    RP432: 6/6/2013 4:15:32 PM - System Checkpoint
    RP433: 6/7/2013 4:23:06 PM - System Checkpoint
    RP434: 6/8/2013 5:17:54 PM - System Checkpoint
    RP435: 6/9/2013 6:12:17 PM - System Checkpoint
    RP436: 6/10/2013 6:27:17 PM - System Checkpoint
    RP437: 6/11/2013 6:34:11 PM - System Checkpoint
    RP438: 6/12/2013 7:31:52 PM - System Checkpoint
    RP439: 6/13/2013 8:26:16 PM - System Checkpoint
    RP440: 6/14/2013 5:09:49 PM - Software Distribution Service 3.0
    RP441: 6/15/2013 5:50:01 PM - System Checkpoint
    RP442: 6/16/2013 6:34:42 PM - System Checkpoint
    RP443: 6/17/2013 7:27:09 PM - System Checkpoint
    RP444: 6/18/2013 8:31:32 PM - System Checkpoint
    RP445: 6/19/2013 9:15:31 PM - System Checkpoint
    RP446: 6/20/2013 10:09:06 PM - System Checkpoint
    RP447: 6/21/2013 10:38:29 PM - System Checkpoint
    RP448: 6/22/2013 10:55:55 PM - System Checkpoint
    RP449: 6/23/2013 11:50:05 PM - System Checkpoint
    RP450: 6/25/2013 12:43:58 AM - System Checkpoint
    RP451: 6/26/2013 12:58:14 AM - System Checkpoint
    RP452: 6/27/2013 1:01:56 AM - System Checkpoint
    RP453: 6/28/2013 1:28:24 AM - System Checkpoint
    RP454: 6/29/2013 2:22:52 AM - System Checkpoint
    RP455: 6/30/2013 3:16:02 AM - System Checkpoint
    RP456: 7/1/2013 4:09:34 AM - System Checkpoint
    RP457: 7/2/2013 5:22:22 AM - System Checkpoint
    RP458: 7/3/2013 5:58:52 AM - System Checkpoint
    RP459: 7/4/2013 6:53:24 AM - System Checkpoint
    RP460: 7/5/2013 7:47:49 AM - System Checkpoint
    RP461: 7/6/2013 8:42:14 AM - System Checkpoint
    RP462: 7/7/2013 10:00:28 AM - System Checkpoint
    RP463: 7/8/2013 10:15:44 AM - System Checkpoint
    RP464: 7/9/2013 10:56:21 AM - System Checkpoint
    RP465: 7/10/2013 2:07:14 PM - Removed E-Center
    RP466: 7/10/2013 2:09:30 PM - Configured Your Application Name
    RP467: 7/10/2013 2:11:02 PM - Configured Your Application Name
    RP468: 7/10/2013 2:16:41 PM - Removed Driver Manager.
    RP469: 7/10/2013 2:19:10 PM - Removed DriverUpdate
    RP470: 7/10/2013 2:20:44 PM - Removed Search-Results Toolbar.
    RP471: 7/10/2013 2:25:24 PM - Removed SupportSoft Assisted Service
    RP472: 7/10/2013 10:44:21 PM - Software Distribution Service 3.0
    RP473: 7/11/2013 10:53:08 PM - System Checkpoint
    RP474: 7/12/2013 11:10:56 PM - System Checkpoint
    RP475: 7/14/2013 12:03:49 AM - System Checkpoint
    RP476: 7/15/2013 12:56:12 AM - System Checkpoint
    RP477: 7/16/2013 1:51:39 AM - System Checkpoint
    RP478: 7/17/2013 2:44:55 AM - System Checkpoint
    RP479: 7/18/2013 4:27:57 AM - System Checkpoint
    RP480: 7/19/2013 4:36:28 AM - System Checkpoint
    RP481: 7/20/2013 8:41:01 AM - System Checkpoint
    RP482: 7/21/2013 8:53:54 AM - System Checkpoint
    RP483: 7/22/2013 8:56:04 AM - System Checkpoint
    RP484: 7/23/2013 9:50:21 AM - System Checkpoint
    RP485: 7/24/2013 10:55:05 AM - System Checkpoint
    RP486: 7/25/2013 11:11:45 AM - System Checkpoint
    RP487: 7/26/2013 12:05:55 PM - System Checkpoint
    RP488: 7/27/2013 12:57:15 PM - System Checkpoint
    RP489: 7/28/2013 1:52:41 PM - System Checkpoint
    RP490: 7/29/2013 2:59:49 PM - System Checkpoint
    RP491: 7/30/2013 3:30:14 PM - System Checkpoint
    RP492: 7/31/2013 3:44:39 PM - System Checkpoint
    RP493: 8/1/2013 3:59:18 PM - System Checkpoint
    RP494: 8/2/2013 4:27:09 PM - System Checkpoint
    RP495: 8/3/2013 4:34:23 PM - System Checkpoint
    RP496: 8/4/2013 4:35:29 PM - System Checkpoint
    RP497: 8/5/2013 5:34:23 PM - System Checkpoint
    RP498: 8/6/2013 6:17:04 PM - System Checkpoint
    RP499: 8/7/2013 8:15:23 PM - System Checkpoint
    RP500: 8/9/2013 8:00:59 AM - System Checkpoint
    RP501: 8/10/2013 8:44:43 AM - System Checkpoint
    RP502: 8/11/2013 9:39:06 AM - System Checkpoint
    RP503: 8/12/2013 10:32:37 AM - System Checkpoint
    RP504: 8/13/2013 11:22:27 AM - System Checkpoint
    RP505: 8/14/2013 7:47:30 AM - Software Distribution Service 3.0
    RP506: 8/15/2013 7:51:52 AM - System Checkpoint
    RP507: 8/16/2013 8:48:26 AM - System Checkpoint
    RP508: 8/17/2013 9:48:21 AM - System Checkpoint
    RP509: 8/18/2013 10:36:08 AM - System Checkpoint
    RP510: 8/19/2013 11:13:02 AM - System Checkpoint
    RP511: 8/20/2013 11:24:06 AM - System Checkpoint
    RP512: 8/21/2013 12:02:24 PM - System Checkpoint
    RP513: 8/22/2013 12:13:06 PM - System Checkpoint
    RP514: 8/23/2013 12:57:40 PM - System Checkpoint
    RP515: 8/24/2013 2:02:44 PM - System Checkpoint
    RP516: 8/25/2013 2:48:20 PM - System Checkpoint
    RP517: 8/26/2013 3:41:31 PM - System Checkpoint
    RP518: 8/27/2013 4:32:41 PM - System Checkpoint
    RP519: 8/28/2013 11:41:42 AM - Software Distribution Service 3.0
    RP520: 8/29/2013 12:10:28 PM - System Checkpoint
    RP521: 8/30/2013 1:16:37 PM - System Checkpoint
    RP522: 8/31/2013 1:43:26 PM - System Checkpoint
    RP523: 9/1/2013 2:40:14 PM - System Checkpoint
    RP524: 9/2/2013 4:41:40 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions 2.0
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.7)
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ArcSoft Software Suite
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    Audacity 1.2.6
    AVG 2013
    Avidemux 2.5 (32-bit)
    Bonjour
    Bridge Baron 16
    Brother MFL-Pro Suite MFC-J435W
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    Canon DIGITAL CAMERA Solution Disk Software Guide
    Canon G.726 WMP-Decoder
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities CameraWindow Launcher
    Canon Utilities EOS Utility
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Corel Photo Album 6
    Defraggler
    Dell Digital Jukebox Driver
    Dell ResourceCD
    DellConnect
    DesignCAD File Viewer
    DesignPro 5.4 Limited Edition
    Digital Voice Editor 3
    Disketch CD Label Software
    DriverUpdate
    DVD Photo Slideshow Pro 7.97
    EPSON Printer Software
    Express Burn
    Express Rip
    File Opener Pro
    GeoDesigner version 3
    Golden Records Vinyl to CD Converter
    Google Chrome
    Google Photos Screensaver
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Video Player
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Image Resizer Powertoy for Windows XP
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    iPhone Configuration Utility
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java Auto Updater
    Java(TM) 6 Update 22
    Just Grandma and Me
    KeePass Password Safe 2.21
    KeyBar 1.8 Toolbar
    Kodak EasyShare software
    Learn to Play Bridge 2
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Shredder
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Easy Assist
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Silverlight
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MobileMe Control Panel
    Mozilla Firefox (3.0.1)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    Nuance PDF Viewer Plus
    OpenOffice.org 3.2
    Paint.NET v3.5.8
    Picasa 3
    PowerDVD 5.5
    Prism Video File Converter
    QuickTime
    Safari
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Scansoft PDF Professional
    ScanToWeb
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813347)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Skins
    Sonic Backup MyPC Deluxe
    Sonic MyDVD Plus
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    SoundTap Streaming Audio Recorder
    SpeedFan (remove only)
    Switch Sound File Converter
    Total Commander (Remove or Repair)
    TurboTax 2010
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    VideoPad Video Editor
    Visual Studio 2005 Tools for Office Second Edition Runtime
    WavePad Sound Editor
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xilisoft Video Converter Ultimate 6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/30/2013 9:17:10 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    8/30/2013 10:37:52 AM, error: System Error [1003] - Error code 0000007a, parameter1 e20d1640, parameter2 c000009a, parameter3 bf8bf293, parameter4 26834860.
    8/28/2013 11:38:36 AM, error: Service Control Manager [7000] - The vToolbarUpdater15.3.0 service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
  6. 2013/09/03
    rwirsig Well-Known Member Thread Starter
    I am confused. I get to Step 3 which says "Start a new topic in our Malware and virus removal forum and provide the following logs:" which I just did in my previous 2 posts. Am I still on track?
     
  7. 2013/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're fine.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  8. 2013/09/03
    rwirsig Well-Known Member Thread Starter
    virus removal KW computer

    RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ralph [Admin rights]
    Mode : Remove -- Date : 09/03/2013 21:10:54
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\WINDOWS\TEMP\{4BB3E5EA-AB86-40FC-BEC7-C0F7AC2F9492}.exe - --uninstall=1 [x] -> DELETED
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\WINDOWS\TEMP\{DD9A6E73-23C3-4908-9137-2F027788E2E2}.exe - --uninstall=1 [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Disk drive +++++
    --- User ---
    [MBR] d05031de66b84f1b57439ca6bba44ae9
    [BSP] 7b58051596c4a6d879da8ab7d736d7f0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_09032013_211054.txt >>
    RKreport[0]_S_09032013_211021.txt

    RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ralph [Admin rights]
    Mode : Scan -- Date : 09/03/2013 21:10:21
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\WINDOWS\TEMP\{4BB3E5EA-AB86-40FC-BEC7-C0F7AC2F9492}.exe - --uninstall=1 [x] -> FOUND
    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\WINDOWS\TEMP\{DD9A6E73-23C3-4908-9137-2F027788E2E2}.exe - --uninstall=1 [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Disk drive +++++
    --- User ---
    [MBR] d05031de66b84f1b57439ca6bba44ae9
    [BSP] 7b58051596c4a6d879da8ab7d736d7f0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_09032013_211021.txt >>
     
  9. 2013/09/04
    rwirsig Well-Known Member Thread Starter
    Computer is still very slow. It stalled after signing in to BBS

    Malwarebytes Anti-Rootkit BETA 1.07.0.1005
    www.malwarebytes.org

    Database version: v2013.09.04.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ralph :: KWPC [administrator]

    9/4/2013 2:23:36 PM
    mbar-log-2013-09-04 (14-23-36).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 327404
    Time elapsed: 21 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Rootkit BETA 1.07.0.1005
    www.malwarebytes.org

    Database version: v2013.09.03.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ralph :: KWPC [administrator]

    9/3/2013 9:46:19 PM
    mbar-log-2013-09-03 (21-46-19).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 327614
    Time elapsed: 22 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_22

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 1071722496, free: 412049408

    Downloaded database version: v2013.09.03.08
    Downloaded database version: v2013.08.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    09/03/2013 21:45:56
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    cercsr6.sys
    \WINDOWS\System32\Drivers\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    speedfan.sys
    Mup.sys
    giveio.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\IntelC53.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\IntelC51.sys
    \SystemRoot\system32\DRIVERS\IntelC52.sys
    \SystemRoot\system32\DRIVERS\mohfilt.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\drivers\P17.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\ctoss2k.sys
    \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    \SystemRoot\system32\DRIVERS\e100b325.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\MODEMCSA.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\atiok3x2.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\System32\Drivers\TDTCP.SYS
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\DOCUME~1\Ralph\LOCALS~1\Temp\mbr.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86f68ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
    Lower Device Object: 0xffffffff86f57b00
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86f68ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f8bb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86f68ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f57b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\Hdaudio.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7F79EBB7

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 312576642
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} --> [Adware.Agent]
    Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} --> [Adware.Agent]
    Read File: File "c:\documents and settings\all users\application data\avg2013\chjw\22485021484ff1d9.dat:6c849c60-ca45-494e-90ac-593c18b30c45" is sparse (flags = 32768)
    Read File: File "C:\WINDOWS\$_hpcst$.hpc" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\log\avgcfg.log.1" is compressed (flags = 1)
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_22

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 1071722496, free: 550359040

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_22

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 1071722496, free: 393953280

    Downloaded database version: v2013.09.04.07
    Downloaded database version: v2013.08.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    09/04/2013 14:23:21
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    cercsr6.sys
    \WINDOWS\System32\Drivers\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    speedfan.sys
    Mup.sys
    giveio.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\IntelC53.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\IntelC51.sys
    \SystemRoot\system32\DRIVERS\IntelC52.sys
    \SystemRoot\system32\DRIVERS\mohfilt.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\drivers\P17.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\ctoss2k.sys
    \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    \SystemRoot\system32\DRIVERS\e100b325.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\MODEMCSA.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\atiok3x2.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\System32\Drivers\TDTCP.SYS
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86fd3ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
    Lower Device Object: 0xffffffff86f6ab00
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86fd3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86f8bb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86fd3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f6ab00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\Hdaudio.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7F79EBB7

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 312576642
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Read File: File "c:\documents and settings\all users\application data\avg2013\chjw\22485021484ff1d9.dat:2127c620-3e0a-4435-90aa-1c1704896729" is sparse (flags = 32768)
    Read File: File "C:\WINDOWS\$_hpcst$.hpc" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
     
  10. 2013/09/04
    rwirsig Well-Known Member Thread Starter
    virus removal KW computer

    This computer (KWPC) is very slow and frequently hangs up during surfing using Internet Explorer.
     
  11. 2013/09/04
    broni Moderator Malware Analyst
    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. 2013/09/05
    rwirsig Well-Known Member Thread Starter
    virus removal from KW computer

    I have downloaded ComboFix. I want to be sure I need to uninstall AVG 2013 before running it. The link for list of programs that should be disabled mentions AVG 2011 and earlier versions. It does not mention AVG 2013.
     
  13. 2013/09/05
    broni Moderator Malware Analyst
    Yes, you must uninstall it.
     
  14. 2013/09/06
    rwirsig Well-Known Member Thread Starter
    virus removal from KW computer

    After uninstalling AVG and running Combofix I have had great difficulty navigating and deciding how to get anti virus protection back and so I may have done things that I should not have, roughly in the following sequence:
    -when commencing to download AVG I unknowingly downloaded AVUS which may be OK as I believe (perhaps incorrectly) it is a download manager.
    -I could not find the download for AVG 2013 so I downloaded and installed AVG 2014 which I then discovered was a trial version.
    -I decided to instead go with download of MS Essentials (which I preceded with download of MS download manager) but repeatedly got the error message "There is a problem accessing the file you want to download". I subsequently discovered that AVG may have been doing a scan at that time.
    -I decided to uninstall AVG 2014 and then try installing MS Essentials.
    ---I uninstalled AVUS first and then in the process of uninstalling AVG I discovered how to downgrade AVG 2014 to the free version.
    So the net result is AVG 2014 free version is installed as is the MS download manager.
    ComboFix 13-09-06.01 - Ralph 09/06/2013 8:56.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.540 [GMT -4:00]
    Running from: c:\documents and settings\Ralph\Desktop\ComboFix.exe
    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Keith\wrar390.exe
    c:\documents and settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\extensions\pricepeep@getpricepeep.com.xpi
    c:\documents and settings\Ralph\Application Data\PriceGong
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\17513.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\2256.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\4489.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\450.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\5985.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\9514.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\979.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Ralph\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Ralph\GoToAssistDownloadHelper.exe
    c:\documents and settings\Ralph\My Documents\~WRL1188.tmp
    c:\documents and settings\Ralph\My Documents\~WRL2341.tmp
    c:\documents and settings\Ralph\My Documents\~WRL2623.tmp
    c:\documents and settings\Ralph\My Documents\~WRL3288.tmp
    c:\documents and settings\Ralph\My Documents\~WRL3294.tmp
    c:\documents and settings\Ralph\My Documents\~WRL3596.tmp
    c:\documents and settings\Ralph\My Documents\~WRL3613.tmp
    c:\documents and settings\Ralph\My Documents\~WRL3975.tmp
    c:\documents and settings\Ralph\WINDOWS
    c:\program files\TelevisionFanaticEI
    c:\program files\TelevisionFanaticEI\Installr\2.bin\64EZSETP.dll
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\system32\Cache
    c:\windows\system32\Cache\26c630d098e22dd5.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3598f1639a1bec17.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\857cdf1f489d8918.fb
    c:\windows\system32\Cache\95f567698be8a182.fb
    c:\windows\system32\Cache\a4815b4e28c578c0.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\a95d1f801c146e92.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1b22239946ff3d0.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c493082b38176239.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\system32\SETE5.tmp
    c:\windows\system32\SETE7.tmp
    c:\windows\system32\SETF6.tmp
    c:\windows\system32\System32\MASetupCleaner.exe
    c:\windows\system32\System32\muzapp.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-06 to 2013-09-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-06 12:35 . 2013-09-06 12:35 -------- d-----w- c:\windows\LastGood
    2013-09-06 12:25 . 2013-09-06 12:33 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\Avg2013
    2013-09-04 18:23 . 2013-09-04 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-09-03 14:45 . 2013-09-03 14:45 -------- d-----w- c:\program files\DriverUpdate
    2013-09-02 12:48 . 2013-09-02 12:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\KeyBar_1.8
    2013-08-29 14:33 . 2013-08-29 14:34 -------- d-----w- C:\Microsoft
    2013-08-27 15:01 . 2013-08-27 15:01 -------- d-----w- c:\documents and settings\Ralph\Application Data\Optimizer Pro
    2013-08-27 14:59 . 2013-09-03 15:00 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\KeyBar_1.8
    2013-08-27 14:59 . 2013-08-27 14:59 -------- d-----w- c:\program files\KeyBar_1.8
    2013-08-27 14:59 . 2013-08-27 14:59 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\Conduit
    2013-08-27 14:59 . 2013-08-27 14:59 -------- d-----w- c:\documents and settings\Ralph\Local Settings\Application Data\CRE
    2013-08-27 14:59 . 2013-08-27 14:59 -------- d-----w- c:\program files\Conduit
    2013-08-27 14:57 . 2013-08-27 14:57 -------- d-----w- c:\program files\FileOpenerPro
    2013-08-27 14:56 . 2013-08-30 19:29 -------- d-----w- c:\program files\SearchProtect
    2013-08-27 14:55 . 2013-08-30 19:42 -------- d-----w- c:\documents and settings\Ralph\Application Data\SearchProtect
    2013-08-27 14:53 . 2013-09-06 12:46 -------- d-----w- c:\program files\OtShot
    2013-08-14 12:07 . 2013-08-14 12:12 -------- d-----w- c:\windows\system32\MRT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-06 12:35 . 2012-08-17 13:58 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-08-21 09:10 . 2012-04-18 00:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-21 09:10 . 2011-05-19 18:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-08-03 18:18 . 2006-10-19 02:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
    2013-07-26 02:47 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-10 10:37 . 2004-08-04 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 03:03 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-28 14:38 . 2009-11-06 20:16 286720 ----a-w- c:\windows\iun506.exe
    2013-06-26 16:34 . 2012-09-28 12:12 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2009-01-21 16:14 . 2009-01-21 16:14 9780224 -c--a-w- c:\program files\openofficeorg30.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 -c--a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 -c--a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-07-17 226592]
    .
    [HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
    2013-07-17 08:53 226592 ----a-w- c:\program files\KeyBar_1.8\prxtbKeyB.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-07-17 226592]
    .
    [HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{9ED31F84-C8B3-4926-B950-DFF74047FF79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-07-17 226592]
    .
    [HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "swg"= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]
    "ConduitFloatingPlugin_bieggkdbhfmhhgllongmgdegafngmmne"= "c:\program files\Conduit\CT3311667\plugins\TBVerifier.dll" [1618-10-20 287008]
    "DriverUpdate"= "c:\program files\DriverUpdate\DriverUpdate.exe" [2013-06-22 34220352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"= "c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "ATIPTA"= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "StartCCC"= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "KeePass 2 PreLoad"= "c:\program files\KeePass Password Safe 2\KeePass.exe" [2013-02-03 1937920]
    "APSDaemon"= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"= "c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "ControlCenter4"= "c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "BrStsMon00"= "c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "OtShot"= "c:\program files\OtShot\otshot.exe" [2012-10-18 4386816]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\documents and settings\Ralph\My Documents\Backup of D Drive on Old Dell\Qualcomm\Eudora Pro\EuShlExt.dll" [2005-06-07 86016]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Quick View.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
    backup=c:\windows\pss\WD Quick View.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2006-02-09 22:34 106496 -c--a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2004-02-03 05:42 401491 ----a-w- c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2013-02-20 17:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
    2013-02-03 16:43 1937920 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-08-01 03:32 958352 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-08-01 03:32 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-08-01 03:32 3507088 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    2005-05-03 15:38 64512 ----a-w- c:\windows\system32\P17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
    2010-03-06 00:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
    2010-03-06 01:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 -c--a-w- c:\windows\Updreg.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "54925:UDP"= 54925:UDP:BrotherNetwork Scanner
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/28/2012 8:12 AM 37664]
    R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/1/2013 11:28 AM 245760]
    S2 gupdate1c9ef4e47b9dac;Google Update Service (gupdate1c9ef4e47b9dac);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 9:17 AM 133104]
    S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [9/7/2011 7:59 PM 20032]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [11/12/2010 10:46 PM 36640]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [9/7/2011 8:49 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [9/7/2011 8:49 PM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [9/7/2011 8:49 PM 136808]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/17/2012 9:58 AM 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AVGTP
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-06 00:41 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 09:10]
    .
    2013-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:17]
    .
    2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:17]
    .
    2012-01-02 c:\windows\Tasks\prismShakeIcon.job
    - c:\program files\NCH Software\Prism\prism.exe [2011-12-30 21:03]
    .
    2013-09-06 c:\windows\Tasks\User_Feed_Synchronization-{10C0F504-0F1B-48EE-BB8D-A01C43DD7100}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    2011-11-20 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2011-11-13 22:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tdwaterhouse.ca/products-services/investing/index.jsp
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=61&CUI=&UM=2
    FF - user.js: extentions.webcake.installId - f7d9fac4-c7f3-4d5f-bd6a-3992e697686d
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
    MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe
    MSConfigStartUp-EPSON Stylus Photo RX500 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
    MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    MSConfigStartUp-Intuit SyncManager - c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    MSConfigStartUp-ISUSPM - c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    MSConfigStartUp-MyGarminAgent - c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe
    MSConfigStartUp-Nuance PDF Professional 6-reminder - c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe
    MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    MSConfigStartUp-PDF6 Registry Controller - c:\program files\Nuance\PDF Professional 6\RegistryController.exe
    MSConfigStartUp-SetDefPrt - c:\program files\Brother\Brmfl06a\BrStDvPt.exe
    MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-09-06 09:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-09-06 09:18:01
    ComboFix-quarantined-files.txt 2013-09-06 13:17
    .
    Pre-Run: 47,583,129,600 bytes free
    Post-Run: 48,379,682,816 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - C4880F5F472BAAC29C7D5C70C47A54CD
    8F558EB6672622401DA993E1E865C861
     
  15. 2013/09/06
    broni

    broni Moderator Malware Analyst

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2013/09/06
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    virus removal from KW computer

    # AdwCleaner v3.002 - Report created 06/09/2013 at 14:17:38
    # Updated 01/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Ralph - KWPC
    # Running from : C:\Documents and Settings\Ralph\Local Settings\Temporary Internet Files\Content.IE5\P81N3KMY\adwcleaner[1].exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : DefaultTabSearch
    Service Deleted : DefaultTabUpdate

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\DefaultTab
    Folder Deleted : C:\Program Files\SearchProtect
    Folder Deleted : C:\Program Files\KeyBar_1.8
    Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\KeyBar_1.8
    Folder Deleted : C:\Documents and Settings\Ralph\IECompatCache
    Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\cre
    Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\iac
    Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\Smartbar
    Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\KeyBar_1.8
    Folder Deleted : C:\DOCUME~1\Ralph\LOCALS~1\Temp\Smartbar
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\DefaultTab
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\optimizer pro
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\SearchProtect
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\Extensions\plugin@getwebcake.com
    Folder Deleted : C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
    [!] Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
    [!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    [!] Folder Deleted : C:\Documents and Settings\Ralph\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    File Deleted : C:\END
    File Deleted : C:\Documents and Settings\Ralph\Desktop\Optimizer Pro.lnk
    File Deleted : C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311668
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_bieggkdbhfmhhgllongmgdegafngmmne]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CDAEF41-CC90-43EE-B5E2-DF4A0ACB908E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CDAEF41-CC90-43EE-B5E2-DF4A0ACB908E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CDAEF41-CC90-43EE-B5E2-DF4A0ACB908E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BF24CDF-EB63-4757-99F0-C83A186C1609}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1095DD04-D152-40DC-9AE7-B7B641D96051}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\SmartbarBackup
    Key Deleted : HKCU\Software\SmartbarLog
    Key Deleted : HKCU\Software\KeyBar_1.8
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\KeyBar_1.8
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KeyBar_1.8 Toolbar
    Product Deleted : Google Update Helper

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v3.0.1 (en-US)

    [ File : C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\prefs.js ]

    Line Deleted : user_pref("CT3286042.FF19Solved", "true");
    Line Deleted : user_pref("CT3286042.installDate", "27/08/2013 10:55:03");
    Line Deleted : user_pref("CT3286042.installSessionId", "-1");
    Line Deleted : user_pref("CT3286042.installSp", "TRUE");
    Line Deleted : user_pref("CT3286042.installerVersion", "1.6.1.2");
    Line Deleted : user_pref("CT3286042.searchRevert", "false");
    Line Deleted : user_pref("CT3286042.searchUserMode", "2");
    Line Deleted : user_pref("CT3286042.versionFromInstaller", "3.19.0.1");
    Line Deleted : user_pref("CT3286042.xpeMode", "0");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=61&CUI=&UM=2");
    Line Deleted : user_pref("smartbar.machineId", "JRL4DI47WBUIKPHEPXVTX3LBFI0RZN9ZYCNRGSVSQMX/JZJIG7F3DR0HIIPLPJ0TTNATRHJJTOQZIYQOMVAWRQ");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=61&CUI=&UM=2");
    Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.ca/");

    -\\ Google Chrome v29.0.1547.66

    [ File : C:\Documents and Settings\Ralph\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup
    Deleted : icon_url
    Deleted : search_url
    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [11498 octets] - [06/09/2013 14:16:26]
    AdwCleaner[S0].txt - [11616 octets] - [06/09/2013 14:17:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11677 octets] ##########
     
  17. 2013/09/06
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    virus removal from KW computer

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.5.8 (09.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Ralph on Fri 09/06/2013 at 17:00:39.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{01B8A842-4834-415D-B941-6CC0A7E6D1BB}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62CFC18A-A24D-4EC5-9D52-BB49F5A00EC4}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A44F631-F7A2-4E72-8623-DB0A11EFDB70}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\fileopenerpro"
    Successfully deleted: [Folder] "C:\Program Files\otshot"
    Successfully deleted: [Folder] "C:\Program Files\pc mightymax 2010"



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
    Successfully deleted: [Folder] C:\Documents and Settings\Ralph\Application Data\mozilla\firefox\profiles\qwgywtfx.default\extensions\staged





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 09/06/2013 at 17:14:59.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  18. 2013/09/06
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    OTL logfile created on: 9/6/2013 5:49:21 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ralph\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 537.48 Mb Available Physical Memory | 52.59% Memory free
    2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.60% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 44.77 Gb Free Space | 30.04% Space Free | Partition Type: NTFS

    Computer Name: KWPC | User Name: Ralph | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/06 17:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe
    PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/06/22 15:30:28 | 034,220,352 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
    PRC - [2011/05/19 10:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
    PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/14 08:18:16 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
    MOD - [2013/08/14 08:14:06 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
    MOD - [2013/08/14 08:00:53 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/14 08:00:36 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll
    MOD - [2013/08/14 07:59:57 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/14 07:55:40 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/08/14 07:51:55 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/07/10 23:41:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
    MOD - [2013/07/10 23:29:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/11/22 22:07:28 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2009/11/22 22:07:28 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3559.38424__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
    MOD - [2009/11/22 22:07:27 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.38265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.38285__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:27 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2009/11/22 22:07:27 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3559.38418__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2009/11/22 22:07:26 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:26 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3559.38378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:26 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:26 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.38372__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.38276__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:25 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3559.38359__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:25 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.38397__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:25 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.38344__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:25 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.38325__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:24 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.38275__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:23 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.38399__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:23 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3559.38291__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:23 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3559.38290__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:21 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.38351__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.38352__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.38350__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:16 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.38328__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:16 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.38364__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/11/22 22:07:15 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.38292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:15 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.38327__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:14 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3559.38373__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:14 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.38278__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:14 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.38293__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:14 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.38340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.38298__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.38340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.38342__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:12 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3559.38346__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:12 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.38321__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:12 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.38326__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/11/22 22:07:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.38326__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.38327__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/11/22 22:07:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/11/22 22:07:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/11/22 22:07:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/11/22 22:07:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/11/22 22:07:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/11/22 22:07:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/11/22 22:07:09 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/11/22 22:07:08 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/11/22 22:07:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/11/22 22:07:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/11/22 22:07:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2009/11/22 22:07:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/11/22 22:07:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/11/22 22:07:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2009/11/22 22:07:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/11/22 22:07:05 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/11/22 22:07:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/11/22 22:07:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/11/22 22:07:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/11/22 22:07:04 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/11/22 22:07:03 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/11/22 22:07:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/11/22 22:07:03 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/11/22 22:07:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/11/22 22:07:03 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/11/22 22:07:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
    MOD - [2009/11/22 22:07:02 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/11/22 22:07:01 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/11/22 22:07:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:59 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:58 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:58 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/11/22 22:06:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/11/22 22:06:55 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.38437__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2009/11/22 22:06:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.38409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/11/22 22:06:55 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/11/22 22:06:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/11/22 22:06:54 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/11/22 22:06:54 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/11/22 22:06:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.38259__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/11/22 22:06:53 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.38390__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/11/22 22:06:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/11/22 22:06:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.38388__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/11/22 22:06:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/11/22 22:06:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/11/22 22:06:51 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.38383__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2009/11/22 22:06:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.38284__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/11/22 22:06:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/11/22 22:06:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/11/22 22:06:50 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.38262__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/11/22 22:06:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.38264__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/11/22 22:06:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/11/22 22:06:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/11/22 22:06:47 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.38271__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/11/22 22:06:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/11/22 22:06:46 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.38262__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2009/11/22 22:06:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/11/22 22:06:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.38390__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/11/22 22:06:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2009/11/22 22:06:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.38261__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/11/22 22:06:45 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.38260__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/10/01 17:45:50 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
    SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/08/21 05:10:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/10/14 20:59:54 | 000,099,688 | R--- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
    SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ivusb.sys -- (ivusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ralph\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ralph\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/09/06 14:24:43 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2013/08/01 16:06:40 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2013/08/01 16:05:58 | 000,026,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/06/26 12:34:29 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2011/07/20 03:46:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2011/07/20 03:46:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
    DRV - [2011/07/20 03:46:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2011/07/20 03:45:52 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/07/20 03:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2011/07/20 03:45:52 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/10/25 05:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tdwaterhouse.ca/products-services/investing/index.jsp
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\SearchScopes\{7056F18E-131E-470B-BF71-FFEF11CB8942}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\SearchScopes\{D1667950-9128-4DD9-8EF3-73765F67BF11}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_en
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {e03b8a97-4253-e530-84d0-4cdc7ae40c47}:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: nuance@pdf6:1.0
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "
    FF - user.js - File not found

  19. 2013/09/06
    rwirsig Lifetime Subscription

    WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/09/06 17:00:06 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/22 17:42:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/22 17:42:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2008/01/08 11:34:34 | 000,000,000 | ---D | M]

    [2009/10/09 16:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Extensions
    [2009/10/09 16:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2013/09/06 17:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\extensions
    [2010/11/26 15:39:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/09/06 09:49:21 | 000,000,000 | ---D | M] ( "QuickShare Widget ") -- C:\Documents and Settings\Ralph\Application Data\Mozilla\Firefox\Profiles\qwgywtfx.default\extensions\{e03b8a97-4253-e530-84d0-4cdc7ae40c47}
    [2010/11/26 16:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/27 07:30:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/04 16:45:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/28 09:55:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2008/01/08 11:36:29 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
    [2008/03/26 18:49:14 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-ggic@partners.mozilla.com
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com
    CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2013/09/06 09:13:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003..\Run: [AVUS] C:\Program Files\AVUS\AVUS.exe File not found
    O4 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1184190135625 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Reg Error: Key error.)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D0BA342-F8C6-4BE9-84DA-02DB837608B3}: DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18 - Protocol\Handler\intu-qt2007 - No CLSID value found
    O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
    O18 - Protocol\Handler\intu-qt2009 - No CLSID value found
    O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Documents and Settings\Ralph\My Documents\Backup of D Drive on Old Dell\Qualcomm\Eudora Pro\EUSHLEXT.DLL (Qualcomm Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/11 14:19:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sprestrt)
    O34 - HKLM BootExecute: (sprestrt)
    O34 - HKLM BootExecute: (sprestrt)
    O34 - HKLM BootExecute: (sprestrt)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/06 17:47:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe
    [2013/09/06 17:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/09/06 16:56:04 | 001,028,823 | ---- | C] (Thisisu) -- C:\Documents and Settings\Ralph\Desktop\JRT.exe
    [2013/09/06 14:25:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph\IECompatCache
    [2013/09/06 14:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2013/09/06 14:15:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/06 11:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
    [2013/09/06 11:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
    [2013/09/06 10:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Application Data\AVG2014
    [2013/09/06 10:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/09/06 10:13:41 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/09/06 10:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2013/09/06 09:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Local Settings\Application Data\Avg2014
    [2013/09/06 08:50:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/09/06 08:47:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/09/06 08:47:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/09/06 08:47:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/09/06 08:47:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/09/06 08:46:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/09/06 08:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/09/06 08:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Local Settings\Application Data\Avg2013
    [2013/09/05 06:45:49 | 005,120,615 | R--- | C] (Swearware) -- C:\Documents and Settings\Ralph\Desktop\ComboFix.exe
    [2013/09/04 14:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2013/09/03 21:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Desktop\mbar
    [2013/09/03 21:40:30 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Ralph\Desktop\mbar-1.07.0.1005.exe
    [2013/09/03 21:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph\Desktop\RK_Quarantine
    [2013/09/03 10:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
    [2013/09/03 10:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
    [2013/08/29 11:00:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph\Recent
    [2013/08/29 10:33:28 | 000,000,000 | ---D | C] -- C:\Microsoft
    [2013/08/22 23:37:18 | 000,176,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2013/08/22 22:56:56 | 000,209,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
    [2013/08/22 22:56:16 | 000,223,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
    [2013/08/22 22:56:16 | 000,146,232 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
    [2013/08/20 22:54:04 | 000,102,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2013/08/14 08:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
    [2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
    [23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/06 17:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph\Desktop\OTL.exe
    [2013/09/06 17:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/06 17:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/06 16:56:05 | 001,028,823 | ---- | M] (Thisisu) -- C:\Documents and Settings\Ralph\Desktop\JRT.exe
    [2013/09/06 16:44:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{10C0F504-0F1B-48EE-BB8D-A01C43DD7100}.job
    [2013/09/06 14:24:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/09/06 14:24:43 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2013/09/06 14:23:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/06 14:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/06 11:23:15 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
    [2013/09/06 10:14:26 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    [2013/09/06 09:40:55 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Ralph\ntuser.pol
    [2013/09/06 09:13:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/09/06 08:50:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/09/06 08:46:22 | 005,120,615 | R--- | M] (Swearware) -- C:\Documents and Settings\Ralph\Desktop\ComboFix.exe
    [2013/09/05 21:27:33 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/09/05 07:03:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ralph\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2013/09/03 21:40:30 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Ralph\Desktop\mbar-1.07.0.1005.exe
    [2013/09/03 21:05:13 | 000,918,016 | ---- | M] () -- C:\Documents and Settings\Ralph\Desktop\RogueKiller.exe
    [2013/09/03 10:45:05 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
    [2013/09/02 08:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/08/30 10:35:34 | 1071,824,896 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2013/08/27 10:57:19 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\store-pp.jbs
    [2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
    [2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
    [2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
    [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2013/08/14 08:02:23 | 000,478,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/08/14 08:02:23 | 000,077,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/06 11:23:15 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
    [2013/09/06 10:14:26 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    [2013/09/06 09:40:55 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Ralph\ntuser.pol
    [2013/09/06 08:50:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/09/06 08:50:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/09/06 08:47:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/09/06 08:47:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/09/06 08:47:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/09/06 08:47:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/09/06 08:47:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/09/03 21:04:59 | 000,918,016 | ---- | C] () -- C:\Documents and Settings\Ralph\Desktop\RogueKiller.exe
    [2013/09/03 10:45:05 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
    [2013/08/27 10:57:18 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\store-pp.jbs
    [2013/02/01 11:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
    [2013/02/01 11:27:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
    [2013/02/01 11:27:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2012/08/17 09:58:21 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/08/10 14:41:18 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\dt.dat
    [2012/07/15 12:33:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2012/02/15 02:23:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/31 15:49:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2012/01/31 15:27:32 | 000,010,600 | R--- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2012/01/31 15:27:31 | 000,124,264 | R--- | C] () -- C:\WINDOWS\System32\mp3dec.dll
    [2012/01/31 15:27:31 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2011/11/20 08:33:29 | 000,850,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-1454471165-1417001333-1003-0.dat
    [2011/11/20 08:33:26 | 000,286,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/11/14 20:28:20 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Microsoft Excel.ADR
    [2010/11/12 22:45:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\$_hpcst$.hpc
    [2010/09/10 21:16:39 | 000,005,102 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
    [2010/03/10 13:34:26 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2009/10/09 16:48:13 | 000,186,706 | ---- | C] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\Excal32.dat
    [2009/03/24 19:02:22 | 000,004,430 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Comma Separated Values (Windows).NOT
    [2009/03/24 17:41:50 | 000,011,480 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Comma Separated Values (Windows).TSK
    [2009/01/21 12:21:30 | 128,611,035 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2009/01/21 12:14:42 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
    [2009/01/21 12:14:40 | 009,780,224 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
    [2009/01/16 18:33:10 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Ralph\usb
    [2008/10/04 08:37:47 | 000,013,032 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Comma Separated Values (Windows).CAL
    [2008/07/29 18:16:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ralph\REG00000
    [2007/01/14 08:21:30 | 509,253,756 | RH-- | C] () -- C:\Documents and Settings\Ralph\Backup Status
    [2007/01/03 21:46:34 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Comma Separated Values (Windows).EML
    [2007/01/03 20:15:45 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Microsoft Access.ADR
    [2007/01/03 17:51:43 | 000,038,317 | ---- | C] () -- C:\Documents and Settings\Ralph\Application Data\Comma Separated Values (Windows).ADR
    [2005/11/28 14:07:51 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\Ralph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/10/03 21:55:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Ralph\Eudora.lnk

    ========== ZeroAccess Check ==========

    [2007/12/29 21:35:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/02/25 10:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/12/23 11:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2013/09/06 08:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2013/09/06 10:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2010/10/17 07:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2006/01/23 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2007/07/11 17:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/01/14 22:29:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/02/01 11:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
    [2012/01/24 12:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
    [2008/07/03 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2006/01/20 10:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA41.tmp
    [2013/09/06 11:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/03/26 16:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/01/16 20:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2013/05/29 22:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2009/01/16 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2011/09/07 19:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2013/05/29 22:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/01/16 10:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2011/01/30 11:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/03/26 16:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2012/03/09 08:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2011/05/03 09:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
    [2010/03/10 13:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
    [2009/03/20 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/03/31 08:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/12 08:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/17 23:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/10/13 09:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2010/03/22 17:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance
    [2008/12/16 10:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2008/10/08 13:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
    [2009/10/09 16:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Auslogics
    [2013/09/06 10:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\AVG2014
    [2011/10/16 21:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\avidemux
    [2005/12/31 22:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Backup MyPC Deluxe
    [2011/11/13 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2008/07/20 06:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/02/01 11:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\ControlCenter4
    [2010/11/26 15:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Dropbox
    [2013/05/29 21:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\GARMIN
    [2008/12/26 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\KEDDS
    [2013/08/27 10:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\KeePass
    [2005/10/11 20:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Leadertech
    [2010/02/19 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\licenses
    [2010/09/10 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\MOVAVI
    [2008/05/02 08:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\MSNInstaller
    [2006/12/28 19:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Musicmatch
    [2009/01/16 20:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\NCH Swift Sound
    [2010/03/16 08:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Nuance
    [2009/03/22 08:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\OpenOffice.org
    [2012/01/12 20:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\PC-FAX TX
    [2010/02/19 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\PCMM2009
    [2010/02/19 21:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\PCMM2010
    [2006/01/13 10:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Qualcomm
    [2010/04/27 15:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\RETScreen
    [2011/09/07 19:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Samsung
    [2008/12/26 13:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Skinux
    [2009/10/09 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Songbird2
    [2012/09/28 08:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\TuneUp Software
    [2008/01/29 22:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Uniblue
    [2010/08/14 07:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\VirtualStore
    [2010/05/07 21:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Western DigitalTemp
    [2011/05/03 09:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Xilisoft
    [2010/03/10 13:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph\Application Data\Zeon

    ========== Purity Check ==========



    < End of report
     
  20. 2013/09/06
    rwirsig Lifetime Subscription

    rwirsig Well-Known Member Thread Starter

    OTL Extras logfile created on: 9/6/2013 5:49:21 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ralph\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.07 Mb Total Physical Memory | 537.48 Mb Available Physical Memory | 52.59% Memory free
    2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.60% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 44.77 Gb Free Space | 30.04% Space Free | Partition Type: NTFS

    Computer Name: KWPC | User Name: Ralph | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-2000478354-1454471165-1417001333-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
    "{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1B325F70-A984-421E-8407-06683E6EF03B}" = QuickShare
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
    "{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
    "{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
    "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2AB19D49-EADA-4CDC-8656-FB5B3842B553}" = GeoDesigner version 3
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
    "{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
    "{41F7E490-9500-4EFE-A0E3-9960EDDD7088}" = DesignCAD File Viewer
    "{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
    "{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
    "{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
    "{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
    "{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
    "{637099FB-45FD-4BC7-9651-6FB540DBB749}" = Sonic Backup MyPC Deluxe
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{98CB5CA0-88D8-47E2-ABEC-A2547986B97F}" = Bridge Baron 16
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
    "{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
    "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J435W
    "{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{ABD40D9A-6865-4C2E-B525-05A7020F1494}" = AVG 2014
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
    "{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
    "{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}" = DriverUpdate
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
    "{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
    "{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
    "{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E1F85CCE-735F-4CD2-B5AA-1F471AA6AF11}" = AVG 2014
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
    "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "AVG" = AVG 2014
    "Avidemux 2.5" = Avidemux 2.5 (32-bit)
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "Defraggler" = Defraggler
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Disketch" = Disketch CD Label Software
    "DVD Photo Slideshow Professional" = DVD Photo Slideshow Pro 7.97
    "EOS Utility" = Canon Utilities EOS Utility
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ExpressBurn" = Express Burn
    "ExpressRip" = Express Rip
    "fileopenerpro" = File Opener Pro
    "Golden" = Golden Records Vinyl to CD Converter
    "Google Chrome" = Google Chrome
    "GoogleVideoPlayer" = Google Video Player
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Just Grandma and Me" = Just Grandma and Me
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
    "Learn_to_Play_Bridge_2" = Learn to Play Bridge 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Prism" = Prism Video File Converter
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "SoundTap" = SoundTap Streaming Audio Recorder
    "SpeedFan" = SpeedFan (remove only)
    "Switch" = Switch Sound File Converter
    "Totalcmd" = Total Commander (Remove or Repair)
    "VideoPad" = VideoPad Video Editor
    "WavePad" = WavePad Sound Editor
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/6/2013 7:10:36 AM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 07:10:36.375]: [00000128]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 7:32:47 AM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 07:32:47.484]: [00000128]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 9:32:10 AM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 09:32:10.484]: [00001424]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 9:55:21 AM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 09:55:21.531]: [00001424]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 10:49:15 AM | Computer Name = KWPC | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
    faulting module pricegongie.dll, version 3.6.12.0, stamp 516e945c, debug? 0, fault
    address 0x00007d20.

    Error - 9/6/2013 10:50:24 AM | Computer Name = KWPC | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
    faulting module pricegongie.dll, version 3.6.12.0, stamp 516e945c, debug? 0, fault
    address 0x00007d20.

    Error - 9/6/2013 11:48:06 AM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 11:48:06.375]: [00001424]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 12:13:16 PM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 12:13:16.296]: [00001424]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 12:54:26 PM | Computer Name = KWPC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2013/09/06 12:54:26.859]: [00001424]: SendSKeySettingToDevice::
    Snmp Load Error[0] To[192.168.1.106]

    Error - 9/6/2013 5:01:28 PM | Computer Name = KWPC | Source = Application Error | ID = 1000
    Description = Faulting application tasklist.exe, version 5.1.2600.5512, faulting
    module tasklist.exe, version 5.1.2600.5512, fault address 0x0000d979.

    [ System Events ]
    Error - 8/30/2013 10:37:14 AM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 8/30/2013 10:37:52 AM | Computer Name = KWPC | Source = System Error | ID = 1003
    Description = Error code 0000007a, parameter1 e20d1640, parameter2 c000009a, parameter3
    bf8bf293, parameter4 26834860.

    Error - 8/30/2013 3:30:14 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 8/30/2013 3:44:24 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/2/2013 3:25:50 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/3/2013 10:10:43 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/4/2013 2:19:30 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/5/2013 10:39:34 AM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/6/2013 8:34:56 AM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2

    Error - 9/6/2013 2:24:40 PM | Computer Name = KWPC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.3.0 service failed to start due to the following
    error: %%2


    < End of report >
     
  21. 2013/09/06
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ivusb.sys -- (ivusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ralph\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ralph\LOCALS~1\Temp\catchme.sys -- (catchme)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - user.js - File not found
    FF - FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    O3 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003..\Run: [AVUS] C:\Program Files\AVUS\AVUS.exe File not found
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2000478354-1454471165-1417001333-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
    O18 - Protocol\Handler\intu-qt2007 - No CLSID value found
    O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
    O18 - Protocol\Handler\intu-qt2009 - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
